Vulnerability Description
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217, Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217.
References
- https://github.com/Eugeny/tabby/commit/93513541f7161fa8a59491603cabb6a101c0c08e
- https://github.com/Eugeny/tabby/security/advisories/GHSA-prcj-7rvc-26h4
FAQ
What is CVE-2025-22136?
CVE-2025-22136 is a documented vulnerability. Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217, Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableN...
How severe is CVE-2025-22136?
CVSS scoring is not yet available for CVE-2025-22136. Check NVD for updates.
Is there a patch for CVE-2025-22136?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.