CVE-2025-53811
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-08-26
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moshpro | mosh-pro | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Mosh-Pro on macOS occurs when the "RunAsNode" fuse is enabled. It allows a local attacker with limited (unprivileged) access to execute arbitrary code that inherits the application's TCC (Transparency, Consent, and Control) permissions. This means the attacker can use the permissions previously granted to Mosh-Pro without needing additional user approval, potentially disguising malicious actions as legitimate ones.
How can this vulnerability impact me? :
The vulnerability can allow a local attacker to run arbitrary code with the same TCC permissions as Mosh-Pro, potentially accessing resources that the user has previously allowed Mosh-Pro to use. This could lead to unauthorized actions or data access under the guise of the trusted application, increasing the risk of malicious activity on the affected system.
What immediate steps should I take to mitigate this vulnerability?
Since the patching status is unknown and the authors did not respond to CNA messages, immediate mitigation steps are not specified. However, as the vulnerability involves local unprivileged access exploiting Mosh-Pro's RunAsNode fuse enabled configuration, it is advisable to restrict local unprivileged user access to systems running Mosh-Pro version 1.3.2 and monitor for suspicious activity related to Mosh-Pro processes. Additionally, consider disabling or limiting the use of the RunAsNode fuse feature if possible until a patch is available.