PT-2025-31890 · Unknown · Electroncapture

Swayzgl1Tzyyy · Published 2025-08-05 · Updated 2025-10-09 · CVE-2025-54871

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Electron Capture versions 2.19.1 and below

Description

Electron Capture facilitates video playback for screen-sharing and capture. The elecap app on macOS allows local unprivileged users to bypass macOS TCC (Transparency, Consent, and Control) privacy protections by setting the ELECTRON_RUN_AS_NODE environment variable. With this variable set, arbitrary Node.js code can be executed via the -e flag; the code runs inside the main Electron context and inherits any previously granted TCC entitlements (such as access to Documents, Downloads, etc.).

Recommendations

Update to version 2.20.0 or later.
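
A detection check for the launch pattern described above, added here as an example (not code from the advisory or from the Electron Capture project): it scans process-execution events for an app-bundle binary started with ELECTRON_RUN_AS_NODE set, and rates inline evaluation via -e higher. The event schema, the sample lines and the bundle path are constructed for illustration, and treating any non-empty value of the variable as enabling the mode is an assumption.

```python
import json

# Constructed process-exec events, one JSON object per line. The field names
# (pid, path, argv, env) are a hypothetical telemetry schema for this example.
SAMPLE_EVENTS = """
{"pid": 101, "path": "/Applications/elecap.app/Contents/MacOS/elecap", "argv": ["elecap"], "env": {"HOME": "/Users/a"}}
{"pid": 102, "path": "/Applications/elecap.app/Contents/MacOS/elecap", "argv": ["elecap", "-e", "console.log(1)"], "env": {"ELECTRON_RUN_AS_NODE": "1"}}
{"pid": 103, "path": "/Applications/elecap.app/Contents/MacOS/elecap", "argv": ["elecap", "/tmp/job.js"], "env": {"ELECTRON_RUN_AS_NODE": "0"}}
{"pid": 104, "path": "/usr/local/bin/node", "argv": ["node", "-e", "console.log(1)"], "env": {"ELECTRON_RUN_AS_NODE": "1"}}
{"pid": 105, "path": "/Applications/elecap.app/Contents/MacOS/elecap", "argv": ["elecap"], "env": {"ELECTRON_RUN_AS_NODE": ""}}
"""

ENV_NAME = "ELECTRON_RUN_AS_NODE"
BUNDLE_MARKER = ".app/Contents/MacOS/"   # main executable of a macOS app bundle
EVAL_FLAGS = {"-e", "--eval"}            # Node.js inline-evaluation flags


def run_as_node_findings(events_text):
    """Return one finding per app-bundle launch that has ENV_NAME set."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        # Assumption: any non-empty value (even "0") switches the mode on.
        if not event.get("env", {}).get(ENV_NAME, ""):
            continue
        # A plain node binary is out of scope: it holds no app's TCC grants.
        if BUNDLE_MARKER not in event.get("path", ""):
            continue
        args = event.get("argv", [])[1:]
        inline = any(a in EVAL_FLAGS or a.startswith("--eval=") for a in args)
        findings.append({
            "pid": event["pid"],
            "path": event["path"],
            "severity": "high" if inline else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in run_as_node_findings(SAMPLE_EVENTS):
        print(finding)
```
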

Exploit · Fix · LPE · Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2025-54871
GHSA-8849-P3J4-JQ4H

Affected Products

Electroncapture