CVE-2025-10672
BaseFortify
Publication date: 2025-09-18
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| whuan132 | aibattery | 1.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the whuan132 AIBattery application up to version 1.0.9, specifically in an unknown function within the AIBatteryHelper/XPC/BatteryXPCService.swift file of the com.collweb.AIBatteryHelper component. The issue is due to missing authentication, which can be exploited locally. This means an attacker with local access can manipulate the system without proper authentication checks.
How can this vulnerability impact me? :
The vulnerability can lead to a complete compromise of confidentiality, integrity, and availability of the affected system, as indicated by the high CVSS scores. Since authentication is missing, a local attacker could gain unauthorized access and perform malicious actions, potentially causing significant damage or data loss.