What the vulnerability does
01Description
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
CVSS base score
7.4/10
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Key dates
02Disclosure timeline
January 4, 2023
CVE published
April 10, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-34116 IPFire < 2.19 Core Update 101 proxy.cgi RCE
CVE-2026-34779 Electron: AppleScript injection in app.moveToApplicationsFolder on macOS
CVE-2023-28983 Junos OS Evolved: Shell Injection vulnerability in the gNOI server
CVE-2025-6102 Wifi-soft UniBox Controller logout.php os command injection
CVE-2021-21888
