TidGi Desktop Remote Code Execution via Malicious TiddlyWiki Repository Import
A critical remote code execution (RCE) vulnerability exists in TidGi Desktop through version 0.13.0, allowing attackers to execute arbitrary code with full Node.js access by tricking victims into importing a specially crafted TiddlyWiki Git repository, leveraging the automatic execution of 'startup' modules during the wiki boot sequence.
TidGi Desktop, up to and including version 0.13.0, is affected by a critical remote code execution vulnerability. This flaw can be exploited when a user imports a specially crafted TiddlyWiki repository. The vulnerability stems from TiddlyWiki's module system, which automatically discovers and executes JavaScript code embedded in .tid files placed in the wiki's tiddlers/ directory. Specifically, .tid files are auto-loaded into the wiki store, modules with module-type: startup are automatically registered, and their exports.startup() function is executed during the wiki's boot sequence with full Node.js require() access. This allows an attacker to execute arbitrary commands on the victim's system, confirmed on macOS with TiddlyWiki 5.4.0 and Node.js v26. No authentication is required beyond a single user interaction to import the malicious repository, making it a high-impact vulnerability.
Attack Chain
- An attacker crafts a malicious TiddlyWiki repository containing a
.tidfile withmodule-type: startupand JavaScript code in theexports.startupfunction (e.g.,require('child_process').execSync('calc');). - The victim is enticed to import the malicious repository into TidGi Desktop, typically by clicking "Add Workspace" and selecting the attacker-controlled Git repository or local folder.
- TidGi Desktop initiates the wiki boot sequence, which involves
$tw.boot.startup(). - During
loadStartup(), theloadTiddlersNode()function reads all.tidfiles from the filesystem, including the attacker's malicious file, and adds them to the wiki store viawiki.addTiddlers(). - Subsequently,
execStartup()callsdefineTiddlerModules(), which iterates through all tiddlers in the store. The attacker's tiddler, havingmodule-type: startup, is registered as an executable module. - The boot sequence proceeds to
forEachModuleOfType("startup", ...), collecting all registered "startup" modules, including the attacker's. - Finally,
executeNextStartupTask()calls theexports.startup()function of the collected modules without platform restrictions, leading to the execution of the attacker's JavaScript code with full Node.js privileges. - Arbitrary commands, such as launching
calc.exeor creating files, are executed on the victim's operating system.
Impact
Successful exploitation of this vulnerability leads to critical consequences, including full Node.js access for the attacker, enabling remote code execution on the victim's machine. Attackers can leverage this access to perform arbitrary file reads and writes, establish reverse shells using Node.js's net module, and establish persistence by writing to startup scripts or other system mechanisms. The vulnerability affects Windows, macOS, and Linux systems and requires only a single user interaction (importing the repository). Given that TidGi Desktop is a personal knowledge base and note-taking application, a compromise could lead to significant data exfiltration, system damage, or further lateral movement within an affected environment.
Recommendation
- Enable comprehensive
process_creationlogging across all endpoints running TidGi Desktop to detect unusual child processes spawned by Node.js or TidGi-Desktop, leveraging the Sigma rule provided in this brief. - Monitor
file_eventlogs for suspicious file creations, especially in temporary directories (/tmpon Linux/macOS,%TEMP%on Windows), originating from the TidGi-Desktop process or its child processes. - Educate users about the risks of importing untrusted repositories or files into applications like TidGi Desktop.
- Implement application whitelisting solutions to restrict execution of unknown or untrusted executables, particularly those launched as child processes by applications like TidGi Desktop.
Detection coverage 1
Detect TidGi Desktop RCE Payload Execution
criticalDetects suspicious process creation by TidGi Desktop, indicative of successful remote code execution through malicious TiddlyWiki repository import. This rule looks for common command execution utilities spawned by the TidGi Desktop process.
Detection queries are available on the platform. Get full rules →
Indicators of compromise
2
code
2
filename
| Type | Value |
|---|---|
| filename | /tmp/TidGi-RCE-PoC.txt |
| filename | tiddlers/$__plugins__poc__startup.js.tid |
| code | exports.startup = function() { require('child_process').execSync('calc'); }; |
| code | exports.startup = function() { require('child_process').execSync('touch /tmp/TidGi-RCE-PoC.txt'); console.log('STARTUP_EXECUTED'); }; |