Electerm multi-protocol terminal/remote access client versions prior to 3.3.8
Summary
Electerm is a popular open-source terminal, SSH, and remote access client used by developers and system administrators. A command injection vulnerability exists in the runLinux() function of the install script. Attackers can inject malicious shell commands via attacker-controlled version strings that are executed without input validation.
Remediation
Update Electerm to version 3.3.8 or later immediately. Notify all users with Electerm installed on workstations to apply the security update. Only download Electerm releases from the official, trusted repository to avoid exploitation.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.