CVE-2025-65841
Modified Modified - Updated After Analysis

BaseFortify

Vulnerability report for CVE-2025-65841, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-03

Last updated on: 2026-07-05

Assigner: MITRE

Description

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-03
Last Modified
2026-07-05
Generated
2026-07-06
AI Q&A
2025-12-03
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
acustica-audio aquarius 3.0.069
acustica_audio aquarius_desktop *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in a local settings file using a weak obfuscation method. The password is encrypted with a predictable byte-substitution that can be easily reversed, allowing anyone who can read the file to recover the plaintext password immediately.

Impact Analysis

An attacker who can access the settings file can fully compromise the victim's Aquarius account by importing the stolen configuration or logging in through the vendor website. This leads to complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform actions authenticated as the user.

Detection Guidance

You can detect this vulnerability by checking for the presence of the file '~/Library/Application Support/Aquarius/aquarius.settings' on macOS systems. Since the password is stored in this file using a weak obfuscation scheme, inspecting the contents of this file can reveal if sensitive credentials are exposed. A command to check for the file and view its contents is: 'cat ~/Library/Application\ Support/Aquarius/aquarius.settings'.

Mitigation Strategies

Immediate mitigation steps include restricting access permissions to the '~/Library/Application Support/Aquarius/aquarius.settings' file to prevent unauthorized reading, such as using 'chmod 600' on the file. Additionally, avoid storing sensitive credentials in this file or use alternative secure storage methods. If possible, change your Aquarius account password and monitor for unauthorized access. Contact the vendor for updates or patches addressing this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65841. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart