What is GHSA-c9g7-w3c8-9989?

GHSA-c9g7-w3c8-9989 is a security advisory published by GitHub Security Advisories with High severity. Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local...

Which CVE IDs does GHSA-c9g7-w3c8-9989 cover?

GHSA-c9g7-w3c8-9989 covers the following CVE IDs: CVE-2018-25361. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-c9g7-w3c8-9989?

GHSA-c9g7-w3c8-9989 has a CVSS v3 base score of 6.8, published by GitHub Security Advisories.

GHSA-c9g7-w3c8-9989HighCVSS 6.8

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2018-25361 →

📋 Description

Soroush IM Desktop App 0.17.0 contains an authentication bypass vulnerability that allows local attackers to remove passcodes by injecting pre-encrypted database entries using a constant encryption key. Attackers can inject malicious database records into the application's database files to unlock the client and access all stored data, chats, images, and files without knowing the original passcode.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2018-25361
https://soroush-app.ir
https://www.exploit-db.com/exploits/45171
https://www.vulncheck.com/advisories/soroush-im-desktop-app-authentication-bypass-via-database-injection
http://54.36.43.176/SoroushSetup0.17.0.exe
https://github.com/advisories/GHSA-c9g7-w3c8-9989