A critical vulnerability in Electerm allows attackers to achieve arbitrary code execution via a malicious terminal hyperlink, requiring immediate user caution.

The application passes terminal output links directly to shell.openExternal without protocol validation, allowing attackers to trigger arbitrary execution or file access.

With a CVSS score of 9.6, this flaw poses a severe risk to end-user workstations. Successful exploitation allows an attacker to gain control over the user's local machine, potentially leading to the theft of SSH keys, configuration files, or other sensitive local information.

Immediate Action: Users should exercise extreme caution and avoid clicking untrusted links in terminal outputs until a patch is released.

Proactive Monitoring: Monitor for unusual file access or process execution linked to the terminal application.

Compensating Controls: Use a different terminal client if possible or disable terminal hyperlink features if the application configuration permits.

Public Exploit Available: No

Maintain heightened vigilance when interacting with terminal sessions. If the software is used in a high-security environment, consider migrating to an alternative terminal client until the vendor releases a security update.