CVE-2025-57443
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-02
Last updated on: 2025-10-02
Assigner: MITRE
Description
Description
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frostwire | frostwire | 6.14.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in FrostWire 6.14.0-build-326 for macOS involves permissive entitlements that allow unprivileged local attackers to inject code into the FrostWire process using the DYLD_INSERT_LIBRARIES environment variable. This means attackers can run arbitrary code within the FrostWire process.
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation, allowing attackers to gain elevated access to arbitrary TCC-approved directories, potentially compromising sensitive data or system integrity.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70