PT-2025-31704 · Localsend · Localsend

Deepunk42 · Published 2025-08-01 · Updated 2025-08-04 · CVE-2025-54792

CVSS v4.0: 9.3 (Critical)

Vector: AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

LocalSend versions 1.16.1 and earlier

Description

LocalSend is an open-source application designed for secure file and message sharing between nearby devices on local networks without requiring an internet connection. A critical Man-in-the-Middle (MitM) vulnerability exists in the software’s discovery protocol, allowing an unauthenticated attacker on the same local network to impersonate legitimate devices. This enables the attacker to silently intercept, read, and modify any file transfer. The vulnerability can be exploited to steal sensitive data or inject malware, such as ransomware, into files shared between trusted users. The attack is difficult to detect and easy to implement, posing a severe and immediate security risk.

Recommendations

Update LocalSend to version 1.17.0 or later.

Exploit

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

CVE-2025-54792
GHSA-424H-5F6M-X63F

Affected Products

Localsend