CVE-2025-8597
BaseFortify
Publication date: 2025-08-26
Last updated on: 2025-08-26
Assigner: CERT.PL
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| invoice_ninja | invoice_ninja | * |
| macvim | macvim | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves MacVim on macOS having the 'com.apple.security.get-task-allow' entitlement enabled in its configuration. This entitlement allows local attackers with limited privileges, such as through a malicious application, to attach a debugger to MacVim, read or modify its process memory, and inject code into its context. This happens despite MacVim being signed with the Hardened Runtime and bypasses macOS's Transparency, Consent, and Control (TCC) protections. Normally, attaching a debugger requires user or administrator authorization, but this entitlement removes that step, making it easier for attackers to exploit the application. [1]
How can this vulnerability impact me?
If exploited, this vulnerability allows a local attacker to debug MacVim without proper authorization, potentially reading or modifying its memory and injecting malicious code. This could lead to unauthorized code execution within MacVim's process, compromising the security and integrity of the application. However, access to other system resources remains limited to those already granted by the user, and additional permissions require user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the MacVim application binary is signed with the "get-task-allow" entitlement. You can inspect the entitlements of the MacVim binary using the command: `codesign -d --entitlements :- /path/to/MacVim.app` and look for the presence of the "com.apple.security.get-task-allow" entitlement. If this entitlement is present, the vulnerability exists. [1]
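A small checker for the entitlement test above, added here as an example and not code from this page or the MacVim project: it parses the plist that `codesign -d --entitlements :- /path/to/MacVim.app` prints and reports the vulnerable state only when `com.apple.security.get-task-allow` is present and set to true. The blob-header skipping, the `check_app` helper and the constructed sample plists are assumptions; the samples are not real MacVim output.

```python
import plistlib
import subprocess

# The entitlement CVE-2025-8597 is about: when set to true in a signed app,
# any local process may attach a debugger to it without the usual authorization.
GET_TASK_ALLOW = "com.apple.security.get-task-allow"


def parse_entitlements(raw: bytes) -> dict:
    """Parse entitlements as printed by `codesign -d --entitlements :- <app>`.
    Assumption: without the ':' prefix older codesign versions prepend a small
    binary blob header, so skip ahead to the XML before calling plistlib."""
    start = raw.find(b"<?xml")
    if start < 0:
        start = raw.find(b"<plist")
    if start < 0:
        raise ValueError("no XML plist found in codesign output")
    return plistlib.loads(raw[start:])


def has_get_task_allow(raw: bytes) -> bool:
    """Vulnerable state = key present AND true; a key set to false grants nothing."""
    return parse_entitlements(raw).get(GET_TASK_ALLOW) is True


def check_app(app_path: str) -> bool:
    """Run codesign on a real bundle (macOS only) and report the vulnerable state."""
    out = subprocess.run(["codesign", "-d", "--entitlements", ":-", app_path],
                         capture_output=True, check=True).stdout
    return has_get_task_allow(out)


# Constructed samples standing in for codesign output (not real MacVim output).
def _sample(body: str) -> bytes:
    return ('<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0">\n'
            f'<dict>\n{body}</dict>\n</plist>\n').encode()


# Dummy 8-byte blob header (constructed) to exercise the header-skipping path.
VULNERABLE = b"\xfa\xde\x71\x71\x00\x00\x00\x00" + _sample(
    f"\t<key>{GET_TASK_ALLOW}</key>\n\t<true/>\n")
PRESENT_BUT_FALSE = _sample(f"\t<key>{GET_TASK_ALLOW}</key>\n\t<false/>\n")
FIXED = _sample("")  # r181.2+ style: the entitlement is removed entirely

if __name__ == "__main__":
    for name, raw in [("vulnerable", VULNERABLE), ("false", PRESENT_BUT_FALSE), ("fixed", FIXED)]:
        print(f"{name}: get-task-allow={has_get_task_allow(raw)}")
```

On a macOS host, `check_app("/Applications/MacVim.app")` feeds the live codesign output through the same check.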
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update MacVim to a version that has removed the "get-task-allow" entitlement, specifically build r181.2 or later. If building locally, use the new make target that signs MacVim builds with an ad-hoc signature embedding the correct entitlements without "get-task-allow". Avoid using versions of MacVim that include the unnecessary debugging entitlement to prevent local attackers from attaching debuggers or injecting code. [1]