CVE-2026-43944
electerm · electerm
The electerm client is vulnerable to local code execution via maliciously crafted deep links or command-line options.
Executive summary
A critical local code execution vulnerability in electerm allows attackers to execute arbitrary commands by tricking users into opening malicious links.
Vulnerability
The application fails to sanitize inputs provided via deep links or CLI arguments, allowing an attacker to inject and execute arbitrary OS commands when the application is launched.
Business impact
The vulnerability carries a CVSS score of 9.6 and allows compromise of the local system. An attacker who gains code execution on a user's machine can steal local credentials, access SSH keys, or pivot into internal network segments, causing significant security breaches.
Remediation
Immediate Action: Update electerm to version 3.8.15 or later.
Proactive Monitoring: Monitor endpoint logs for suspicious process execution spawned by the electerm application.
Compensating Controls: Implement endpoint protection (EDR) to detect and block abnormal command-line execution patterns originating from terminal/SSH clients.
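One way to implement the proactive-monitoring step, as an added example that is not part of the original advisory or the electerm project: baseline the images electerm normally spawns, flag any child process outside that baseline, and compare installed versions against 3.8.15 numerically. The event field names, install paths and sample events are constructed assumptions; map them to your own EDR or process-creation log schema.

```python
import ntpath
import posixpath

FIXED_VERSION = (3, 8, 15)  # first fixed release named in the advisory

def image_name(path):
    """Reduce a Windows or POSIX image path to a bare lowercase name."""
    base = ntpath.basename(path) if "\\" in path else posixpath.basename(path)
    base = base.lower()
    return base[:-4] if base.endswith(".exe") else base

def spawned_by_electerm(event):
    return image_name(event["parent_image"]) == "electerm"

def child_baseline(events):
    """Image names electerm spawned during a known-good observation window."""
    return {image_name(e["image"]) for e in events if spawned_by_electerm(e)}

def unexpected_children(events, baseline):
    """Events where electerm started an image that the baseline never saw."""
    return [e for e in events
            if spawned_by_electerm(e) and image_name(e["image"]) not in baseline]

def needs_update(version):
    """Compare numerically: as strings, '3.8.9' would sort after '3.8.15'."""
    parts = tuple(int(p) for p in version.lstrip("v").split(".")[:3])
    return parts < FIXED_VERSION

# Constructed sample events (field names are an assumed schema, not a real log format).
ELECTERM = r"C:\Program Files\electerm\electerm.exe"
KNOWN_GOOD = [
    {"parent_image": ELECTERM, "image": ELECTERM, "command_line": "electerm.exe --type=renderer"},
    {"parent_image": ELECTERM, "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
]
TODAY = KNOWN_GOOD + [
    {"parent_image": ELECTERM, "image": r"C:\Windows\System32\calc.exe", "command_line": "calc.exe"},
    {"parent_image": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\calc.exe", "command_line": "calc.exe"},
    {"parent_image": "/opt/electerm/electerm", "image": "/usr/bin/id", "command_line": "id"},
]

if __name__ == "__main__":
    baseline = child_baseline(KNOWN_GOOD)
    for hit in unexpected_children(TODAY, baseline):
        print("ALERT electerm child:", hit["image"], "|", hit["command_line"])
    print("3.8.9 needs update:", needs_update("3.8.9"))
```

Build the baseline from hosts already running a fixed version, and review alerts by command line as well as image name, since a baselined shell can still carry an unexpected command.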
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability requires urgent attention, especially for users who frequently interact with external links or handle remote systems. Patching is the only effective way to mitigate the risk of command injection.