← Back to CVE List

CVE-2025-22136

Published: 2025-01-08T16:15Z
Last Modified: 2025-01-08T16:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt