CVE-2025-8700
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-08-26

Assigner: CERT.PL

Description
Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify the process memory, inject code in the application's context despite being signed with Hardened Runtime and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission. According to Apple documentation, when a non-root user runs an app with the debugging tool entitlement, the system presents an authorization dialog asking for a system administrator's credentials. Since there is no prompt when the target process has "get-task-allow" entitlement, the presence of this entitlement was decided to be treated as a vulnerability because it removes one step needed to perform an attack. This issue was fixed in version 5.0.175.
Meta Information
Published: 2025-08-26
Last Modified: 2025-08-26
Generated: 2026-05-07
AI Q&A: 2025-08-26
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
invoiceninja invoiceninja 5.0.175
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Invoice Ninja's macOS configuration involves the presence of the entitlement "com.apple.security.get-task-allow". This entitlement allows local attackers with unprivileged access, such as through a malicious application, to attach a debugger to the process, read or modify its memory, and inject code into the application's context. This is possible even though the application is signed with Hardened Runtime, and it bypasses Transparency, Consent, and Control (TCC) protections. Normally, when a non-root user runs an app with the debugging tool entitlement, the system asks for administrator credentials; when the target process has the get-task-allow entitlement there is no such prompt, which makes an attack easier to perform.


How can this vulnerability impact me?

The vulnerability allows a local attacker with limited privileges to debug the Invoice Ninja application process without triggering the usual system authorization prompts. This can lead to unauthorized reading or modification of the application's memory and code injection, potentially compromising the application's integrity and confidentiality. However, the attacker can only access resources that the user has previously granted permission to; accessing other resources requires user interaction with a system prompt.


What immediate steps should I take to mitigate this vulnerability?

Update Invoice Ninja to version 5.0.175 or later, where this vulnerability has been fixed.
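
A release check for the entitlement described above, as an added example that is not Invoice Ninja's or CERT.PL's code: it parses an entitlements plist (as extracted from a signed bundle, for example with `codesign -d --entitlements`) and fails the build when "com.apple.security.get-task-allow" is true. The sample plists and the names `audit_entitlements` and `gate` are constructed for illustration.

```python
import plistlib

GET_TASK_ALLOW = "com.apple.security.get-task-allow"

def _plist(entitlements: dict) -> bytes:
    """Build a constructed entitlements plist for the samples below."""
    return plistlib.dumps(entitlements, fmt=plistlib.FMT_XML)

# Constructed samples (not extracted from any Invoice Ninja build).
SAMPLES = {
    "debug-style": _plist({GET_TASK_ALLOW: True,
                           "com.apple.security.app-sandbox": True}),
    "explicit-false": _plist({GET_TASK_ALLOW: False}),
    "release-style": _plist({"com.apple.security.app-sandbox": True}),
    "corrupt": b"<plist><dict><key>truncated",
}

def audit_entitlements(data: bytes) -> tuple[str, str]:
    """Return (verdict, detail); verdict is 'FAIL', 'PASS' or 'ERROR'."""
    try:
        ent = plistlib.loads(data)  # accepts XML and binary plists
    except Exception as exc:  # plistlib raises several types on bad input
        return "ERROR", f"unparseable plist: {type(exc).__name__}"
    if not isinstance(ent, dict):
        return "ERROR", "top-level plist object is not a dictionary"
    value = ent.get(GET_TASK_ALLOW)
    if value is True:
        return "FAIL", f"{GET_TASK_ALLOW} is true: debugger attach without prompt"
    if value not in (None, False):
        # Unexpected type: treat as a signing pipeline problem, not a pass.
        return "ERROR", f"{GET_TASK_ALLOW} has non-boolean value {value!r}"
    return "PASS", f"{GET_TASK_ALLOW} absent or false"

def gate(samples: dict[str, bytes]) -> dict[str, str]:
    """Audit every build; anything other than PASS should block a release."""
    return {name: audit_entitlements(blob)[0] for name, blob in samples.items()}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, *audit_entitlements(blob))
```

An unparseable or oddly typed plist is reported as ERROR rather than PASS, so a broken extraction step cannot silently let a debuggable build through.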

