CVE-2025-62686
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-18
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| plugin-alliance | installation_manager | 1.4.0 |
| plugin_alliance | installation_manager | 1.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in the Plugin Alliance InstallationHelper service on macOS. Because the service lacks a hardened runtime and a __RESTRICT segment, a local user can exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library. This allows the user to execute code with elevated privileges.
How can this vulnerability impact me?
The vulnerability can allow a local user to gain elevated privileges on the affected system by injecting malicious code into the InstallationHelper service. This could lead to unauthorized actions being performed with higher privileges than intended, potentially compromising system security.
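For auditing privileged helper binaries for one of the two missing protections named above, the following added example (not part of the advisory or the vendor's code) scans a Mach-O image's load commands for a __RESTRICT segment. Assumptions: the input is a thin 64-bit little-endian Mach-O, the marker is a section named __restrict inside the __RESTRICT segment, and the function names and the sample image are constructed for illustration. It does not inspect the code signature, so the hardened runtime flag has to be checked separately.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O, little-endian
LC_SEGMENT_64 = 0x19

def _name(raw: bytes) -> bytes:
    return raw.split(b"\0", 1)[0]   # fixed 16-byte, NUL-padded name field

def has_restrict_section(data: bytes) -> bool:
    """True if the image carries a __RESTRICT segment with a __restrict section."""
    if len(data) < 32 or struct.unpack_from("<I", data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off, end = 32, 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            if _name(data[off + 8:off + 24]) == b"__RESTRICT":
                for i in range(nsects):
                    sect = off + 72 + 80 * i        # section_64 is 80 bytes
                    if sect + 80 > off + cmdsize:
                        raise ValueError("section table overruns segment command")
                    if _name(data[sect:sect + 16]) == b"__restrict":
                        return True
        off += cmdsize
    return False

def build_sample(segments) -> bytes:
    """Constructed test image: header plus segment commands only, no code or data."""
    cmds = b""
    for segname, sectnames in segments:
        sects = b"".join(struct.pack("<16s16sQQ8I", s, segname, 0, 0, *[0] * 8)
                         for s in sectnames)
        cmds += struct.pack("<II16s4Q4I", LC_SEGMENT_64, 72 + len(sects), segname,
                            0, 0, 0, 0, 7, 7, len(sectnames), 0) + sects
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2,
                       len(segments), len(cmds), 0, 0) + cmds

if __name__ == "__main__":
    print(has_restrict_section(build_sample([(b"__TEXT", [b"__text"])])))
    print(has_restrict_section(build_sample(
        [(b"__TEXT", [b"__text"]), (b"__RESTRICT", [b"__restrict"])])))
```

A universal (fat) binary is rejected with ValueError; extract the slice for one architecture before running the check.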