CVE-2024-9062
BaseFortify
Publication date: 2025-06-11
Last updated on: 2025-06-12
Assigner: Pentraze
Description
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Archify application is a local privilege escalation issue caused by insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper. The helper runs with root privileges and allows privileged operations like arbitrary file deletion and permission changes. However, it does not verify the code signature, entitlements, or signing flags of the connecting client process. Because of this lack of validation, any local process can connect to the helper and execute privileged actions as root, leading to unauthorized root-level access.
How can this vulnerability impact me?
This vulnerability can allow any local user or process on the affected system to gain root-level privileges by exploiting the helper tool's lack of client validation. This means an attacker could perform unauthorized actions such as deleting arbitrary files or changing file permissions, potentially compromising system integrity, confidentiality, and availability.
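The missing client validation described above can be closed on the helper side by pinning the listener to a code-signing requirement. The sketch below is an added example, not Archify's code: `HelperProtocol`, its method, the client identifier and the team ID are hypothetical placeholders, and using the helper's name as the Mach service name is an assumption. It covers the code-signature identity check only and relies on the public `setConnectionCodeSigningRequirement` API (macOS 13 or later).

```swift
import Foundation

// Hypothetical XPC interface; the real helper's protocol is not shown on this page.
@objc protocol HelperProtocol {
    func removeItem(atPath path: String, withReply reply: @escaping (Bool) -> Void)
}

final class Helper: NSObject, HelperProtocol {
    func removeItem(atPath path: String, withReply reply: @escaping (Bool) -> Void) {
        // Privileged work would go here; only peers that satisfy the
        // listener's signing requirement can reach this method.
        reply(false)
    }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = Helper()
        connection.resume()
        return true
    }
}

// Placeholder requirement: replace the identifier and team ID (subject.OU)
// with the values of the one client application allowed to talk to the helper.
let clientRequirement =
    "anchor apple generic" +
    " and identifier \"com.example.client\"" +
    " and certificate leaf[subject.OU] = \"TEAMID0000\""

// Assumption: the Mach service name matches the helper name given on this page.
let listener = NSXPCListener(machServiceName: "com.oct4pie.archifyhelper")
let delegate = ListenerDelegate()
listener.delegate = delegate

if #available(macOS 13.0, *) {
    // XPC enforces the requirement against every connecting peer, so an
    // unsigned or differently signed local process is turned away.
    listener.setConnectionCodeSigningRequirement(clientRequirement)
} else {
    // Fail closed: never serve privileged calls without peer validation.
    exit(EXIT_FAILURE)
}

listener.resume()
RunLoop.main.run()
```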