usd-2023-0027 | Outdated Electron used by FileCloud Drive

Advisory ID: usd-2023-0027
Product: FileCloud Drive
Affected Version: Unknown
Vulnerability Type: CWE 1395 - Dependency on Vulnerable Third-Party Component
Security Risk: CRITICAL (see CVE-2022-29247)
Vendor URL:
Vendor acknowledged vulnerability: Yes
Vendor Status: Unknown
CVE number: Not eligible

Affected Component

Dependency of FileCloud Drive


Outdated dependencies may introduce security vulnerabilities in software and should be checked regularly for new releases.
FileCloud Drive uses an outdated version of electron for which known vulnerabilities exist.
Also, the used release was release over a year ago which may indicate that a process for checking for new version of used dependencies does not exist.

Proof of Concept

1) Download FileCloud Drive for Windows:
2) Install it
3) Go to the following path:
Local Disk (C:) > Users > pentester > AppData > Roaming > FileCloud Drive > data

4) Open "fcedc.log":

5) At the top of the file the version number of electron is documented: 13.6.9
The current version of electron is: v25.3.1


Update Electron to the current version



  • 2023-07-14: Vulnerability identified by Merten Nagel
  • 2023-07-27 until 2023-08-07: Sent initial contact requests via and submitted vulnerability details via
  • 2023-09-07 until 2023-10-22: Sent numerous update requests to and, all left unanswered
  • 2023-11-22: Sent another update request and final deadline to the above email adresses.
  • 2024-02-01: This advisory is published.


This security vulnerability was identified by Merten Nagel of usd AG.