PT-2026-1311 · Muffon · Muffon

Published: 2026-01-05 · Updated: 2026-01-07 · CVE-2025-55204

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

muffon versions prior to 2.3.0

Description

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a Remote Code Execution (RCE) issue. An attacker can exploit this by embedding a specially crafted muffon:// link on a website they control. When a victim visits the site or clicks the link, the browser triggers Muffon’s custom URL handler, causing the application to launch and process the URL, leading to RCE on the victim's machine without further interaction.

Recommendations

Update to version 2.3.0 or later.

Exploit · Fix · RCE · XSS · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-55204
GHSA-GC3F-GQPH-522Q

Affected Products

Muffon