CVE-2025-53811
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-08-26

Assigner: CERT.PL

Description
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions.  Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker's malicious intent.  This issue was detected in 1.3.2 version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-08-26
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-53811
EUVD
EUVD-2025-28538
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
moshpro mosh-pro 1.3.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-276 During installation, installed file permissions are set to allow anyone to modify those files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Mosh-Pro on macOS occurs when the "RunAsNode" fuse is enabled. It allows a local attacker with limited (unprivileged) access to execute arbitrary code that inherits the application's TCC (Transparency, Consent, and Control) permissions. This means the attacker can use the permissions previously granted to Mosh-Pro without needing additional user approval, potentially disguising malicious actions as legitimate ones.

Impact Analysis

The vulnerability can allow a local attacker to run arbitrary code with the same TCC permissions as Mosh-Pro, potentially accessing resources that the user has previously allowed Mosh-Pro to use. This could lead to unauthorized actions or data access under the guise of the trusted application, increasing the risk of malicious activity on the affected system.

Mitigation Strategies

Since the patching status is unknown and the authors did not respond to CNA messages, immediate mitigation steps are not specified. However, as the vulnerability involves local unprivileged access exploiting Mosh-Pro's RunAsNode fuse enabled configuration, it is advisable to restrict local unprivileged user access to systems running Mosh-Pro version 1.3.2 and monitor for suspicious activity related to Mosh-Pro processes. Additionally, consider disabling or limiting the use of the RunAsNode fuse feature if possible until a patch is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-53811. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart