Overview
A critical security vulnerability, identified as CVE-2025-31477, has been discovered in the Tauri Plugin Shell, specifically affecting the open endpoint. This flaw allows improper scope validation, enabling the execution of dangerous protocols that can lead to remote code execution (RCE).
Technical Details
The vulnerability is rooted in CWE-20: Improper Input Validation. In affected versions prior to 2.2.1, the open endpoint fails to properly restrict supported protocols. Although it was intended to only permit safe protocols like https:// or mailto:, it mistakenly allowed others such as file://, smb://, or nfs://. When untrusted user input is passed to this endpoint, these protocols may be triggered, allowing arbitrary file access or command execution through the system’s registered protocol handler.
Severity and Exploitation
The vulnerability has a CVSS 4.0 base score of 9.3 (Critical), reflecting its high potential impact:
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None
- Impact: High (Confidentiality, Integrity, Availability)
This issue can be exploited either by exposing the vulnerable endpoint to users directly or by executing malicious code in the frontend of a Tauri application.
Affected Versions
- All versions of
tauri-plugin-shellprior to 2.2.1
Mitigation and Recommendations
This vulnerability has been fixed in version 2.2.1. It is strongly recommended that all users of the Tauri shell plugin:
- Upgrade to v2.2.1 or later immediately
- Restrict usage of the
openendpoint to trusted inputs - Audit frontend code to avoid execution of user-controlled inputs