CVE-2025-10906
BaseFortify
Publication date: 2025-09-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| magnetism_studios | endurance | 3.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in Magnetism Studios Endurance up to version 3.3.0 on macOS, specifically in the function loadModuleNamed:WithReply within the NSXPC Interface component. It allows an attacker who has local access to the system to manipulate the function in a way that bypasses authentication checks, potentially leading to unauthorized actions.
How can this vulnerability impact me? :
The vulnerability can lead to a complete compromise of confidentiality, integrity, and availability of the affected system because it allows local attackers to bypass authentication. This means attackers could execute unauthorized actions, potentially leading to data breaches, system manipulation, or denial of service.