PT-2025-31865 · Unknown · Gitkraken Desktop

Published: 2025-08-04 · Updated: 2025-10-09 · CVE-2025-51387

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GitKraken Desktop versions 10.8.0 and 11.1.0

Description: GitKraken Desktop is susceptible to code injection due to misconfigured Electron Fuses. Insecure settings, specifically RunAsNode being enabled and EnableNodeCliInspectArguments not being disabled, allow the application to be executed in Node.js mode. This enables attackers to pass arguments that result in arbitrary code execution.

Recommendations:
GitKraken Desktop version 10.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
GitKraken Desktop version 11.1.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
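
The fuse settings named in the Description can be audited directly in an installed Electron binary. The script below is an added example, not code from this advisory or from GitKraken. The sentinel string, byte layout and fuse order are assumptions taken from the open-source @electron/fuses tooling, and `SAMPLE` is a constructed input, not bytes from any real product.

```python
import sys

# Assumed layout (per @electron/fuses): SENTINEL, 1 byte wire version,
# 1 byte wire length, then one state byte per fuse.
SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
STATES = {0x30: "disabled", 0x31: "enabled", 0x72: "removed"}
# Fuse order for wire version 1 (FuseV1Options in @electron/fuses).
FUSES_V1 = [
    "RunAsNode", "EnableCookieEncryption",
    "EnableNodeOptionsEnvironmentVariable", "EnableNodeCliInspectArguments",
    "EnableEmbeddedAsarIntegrityValidation", "OnlyLoadAppFromAsar",
    "LoadBrowserProcessSpecificV8Snapshot", "GrantFileProtocolExtraPrivileges",
]
RISKY = ("RunAsNode", "EnableNodeCliInspectArguments")  # fuses named in the advisory
# Constructed sample: padding, sentinel, version 1, 8 fuses left at permissive values.
SAMPLE = b"\x00" * 16 + SENTINEL + bytes([1, 8]) + b"10110001" + b"\x00" * 8


def read_fuses(blob: bytes) -> dict:
    """Return {fuse_name: state} parsed from the fuse wire found in blob."""
    pos = blob.find(SENTINEL)
    if pos < 0:
        raise ValueError("fuse sentinel not found (not an Electron binary?)")
    wire = pos + len(SENTINEL)
    if len(blob) < wire + 2 or len(blob) < wire + 2 + blob[wire + 1]:
        raise ValueError("truncated fuse wire")
    version, length = blob[wire], blob[wire + 1]
    if version != 1:
        raise ValueError(f"unsupported fuse wire version {version}")
    fuses = {}
    for i, byte in enumerate(blob[wire + 2 : wire + 2 + length]):
        name = FUSES_V1[i] if i < len(FUSES_V1) else f"unknown_fuse_{i}"
        fuses[name] = STATES.get(byte, f"unexpected(0x{byte:02x})")
    return fuses


def findings(fuses: dict) -> list:
    """Advisory fuses that are not explicitly disabled or removed.
    A fuse missing from a short wire cannot be turned off, so it is reported too."""
    ok = ("disabled", "removed")
    return [name for name in RISKY if fuses.get(name, "absent") not in ok]


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    parsed = read_fuses(data)
    for name, state in parsed.items():
        print(f"{name:42s} {state}")
    sys.exit(1 if findings(parsed) else 0)
```

Run it with the path to the application's main executable; a non-zero exit status means at least one of the two fuses from the Description is still active.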

Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-51387

Affected Products: Gitkraken Desktop