PT-2025-20578 · Jan · Jan
Published: 2025-05-09 · Updated: 2025-12-27 · CVE-2025-29509
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jan versions 0.5.14 and earlier
Description: The software is susceptible to remote code execution (RCE) when a user clicks a link displayed inside a conversation. The application opens external websites through an exposed electronAPI that calls shell.openExternal() without filtering the URL, so any scheme supplied in the link is handed to the operating system.
Recommendations: Versions prior to 0.5.14 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Code Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-29509

Affected Products

Jan