6.2

CVE-2025-55076

Exploit

EPSS 0.02%
Veröffentlicht 03.12.2025 00:00:00
Zuletzt bearbeitet 18.12.2025 20:56:41
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Plugin-alliance ≫ Installation Manager Version1.4.0

Apple ≫ macOS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.047

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://almightysec.com/plugin-alliance-helpertool-xpc-service-local-privilege-escalation/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-55076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55076

EUVD