CVE-2025-51387 is a critical code injection vulnerability affecting GitKraken Desktop versions 10.8.0 and 11.1.0. The root cause lies in the misconfiguration of Electron Fuses, specifically the enabling of the RunAsNode setting combined with the failure to disable EnableNodeCliInspectArguments. Electron Fuses are security controls designed to restrict the capabilities of Electron applications by disabling or limiting Node.js integration features that could be exploited. In this case, RunAsNode being enabled allows the GitKraken application to be executed in Node.js mode, which is not intended for normal operation. Additionally, EnableNodeCliInspectArguments not being disabled means that command-line arguments related to Node.js inspection and debugging are accepted. Together, these settings allow an attacker to pass crafted arguments that lead to arbitrary code execution within the context of the application. This vulnerability corresponds to CWE-94 (Improper Control of Generation of Code), indicating that untrusted input can be used to inject and execute malicious code. The CVSS 3.1 base score of 9.8 reflects the critical nature of this flaw, with an attack vector that is network-based, no required privileges or user interaction, and full impact on confidentiality, integrity, and availability. Although no known exploits are reported in the wild yet, the ease of exploitation and severity make this a high-priority issue for affected users. Since GitKraken is a popular Git client used by developers and organizations for version control and collaboration, exploitation could lead to compromise of developer workstations, leakage or tampering of source code, and further lateral movement within corporate networks.

For European organizations, the impact of this vulnerability is significant. GitKraken is widely adopted in software development environments across Europe, including in sectors such as finance, manufacturing, telecommunications, and government. Successful exploitation could allow attackers to execute arbitrary code on developer machines, potentially leading to theft or manipulation of sensitive intellectual property and source code repositories. This could undermine software supply chain integrity and introduce backdoors or malicious code into production software. The full compromise of confidentiality, integrity, and availability means attackers could disrupt development workflows, cause data loss, or use compromised systems as footholds for broader network intrusion. Given the criticality of software development in digital transformation initiatives across Europe, this vulnerability poses a substantial risk to operational continuity and data security. Furthermore, regulatory frameworks like GDPR impose strict requirements on data protection, and a breach resulting from this vulnerability could lead to compliance violations and reputational damage.

Immediate mitigation steps include disabling the RunAsNode setting and ensuring EnableNodeCliInspectArguments is explicitly disabled in the Electron Fuse configuration of GitKraken Desktop. Since these settings are typically controlled by the application vendor, affected organizations should monitor for and apply official patches or updates from GitKraken as soon as they become available. In the interim, organizations should restrict network access to developer workstations running vulnerable GitKraken versions, implement application whitelisting to prevent unauthorized execution of Node.js processes, and enforce strict endpoint security controls including behavior-based detection for suspicious command-line arguments or process launches. Additionally, organizations should audit developer environments for signs of compromise and review source code repositories for unauthorized changes. Educating developers about the risks of running untrusted code and maintaining robust backup and version control practices will also help mitigate potential damage. Finally, consider isolating development environments from critical production networks to limit lateral movement in case of exploitation.