CVE-2025-65842
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-18
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acustica-audio | aquarius_helpertool | 1.0.003 |
| acustica_audio | aquarius_desktop | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Aquarius HelperTool (1.0.003) privileged XPC service on macOS. The service accepts connections from any local process without verifying the client's identity, and its authorization logic is flawed because it calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. This allows a local attacker to execute arbitrary commands as root by injecting attacker-controlled input into NSTask, potentially leading to privilege escalation.
How can this vulnerability impact me?
An attacker with local access can exploit this vulnerability to run arbitrary commands with root privileges, create persistent backdoors, or obtain a fully interactive root shell. This can lead to complete system compromise, unauthorized access to sensitive data, and loss of control over the affected system.
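For defenders reviewing a privileged XPC helper, the three flaws named in the first answer map to three checks on the helper side. The sketch below is an added example, not Acustica Audio's code: it pins the client by code-signing requirement, evaluates a real AuthorizationRef received from the client and checks the returned status, and runs NSTask with a fixed binary and arguments. It assumes macOS 13 or later, and the bundle identifier, Team ID, right name, Mach service name and the DNS-flush operation are hypothetical stand-ins.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// All identifiers below are hypothetical placeholders, not the vendor's.
static NSString *const kClientRequirement = @"identifier \"com.example.client\" and "
    @"anchor apple generic and certificate leaf[subject.OU] = \"TEAMID1234\"";
static const char *kRightName = "com.example.helper.flush-dns";
// YES only when authData is a valid external-form AuthorizationRef granted
// kRightName; a missing or malformed blob is rejected instead of passed on.
static BOOL ClientIsAuthorized(NSData *authData) {
    if (authData.length != sizeof(AuthorizationExternalForm)) return NO;
    AuthorizationRef ref = NULL;
    OSStatus st = AuthorizationCreateFromExternalForm(
        (const AuthorizationExternalForm *)authData.bytes, &ref);
    if (st != errAuthorizationSuccess || ref == NULL) return NO;
    AuthorizationItem item = { kRightName, 0, NULL, 0 };
    AuthorizationRights rights = { 1, &item };
    st = AuthorizationCopyRights(ref, &rights, NULL,
        kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed, NULL);
    AuthorizationFree(ref, kAuthorizationFlagDefaults);
    return st == errAuthorizationSuccess;
}

@protocol HelperProtocol
- (void)flushDNSCacheWithAuthorization:(NSData *)auth reply:(void (^)(BOOL ok))reply;
@end
@interface Helper : NSObject <NSXPCListenerDelegate, HelperProtocol>
@end
@implementation Helper
- (BOOL)listener:(NSXPCListener *)l shouldAcceptNewConnection:(NSXPCConnection *)c {
    c.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperProtocol)];
    c.exportedObject = self;
    [c resume];
    return YES;
}
- (void)flushDNSCacheWithAuthorization:(NSData *)auth reply:(void (^)(BOOL))reply {
    if (!ClientIsAuthorized(auth)) { reply(NO); return; }
    NSTask *task = [NSTask new];  // fixed binary and arguments, no client input
    task.executableURL = [NSURL fileURLWithPath:@"/usr/bin/dscacheutil"];
    task.arguments = @[ @"-flushcache" ];
    reply([task launchAndReturnError:NULL]);
}
@end
int main(void) {
    NSXPCListener *listener =
        [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
    Helper *helper = [Helper new];
    // macOS 13+: the system rejects peers that fail the signing requirement.
    [listener setConnectionCodeSigningRequirement:kClientRequirement];
    listener.delegate = helper;
    [listener resume];
    [[NSRunLoop currentRunLoop] run];
}
```

The client obtains the blob with AuthorizationCreate followed by AuthorizationMakeExternalForm and sends it as the `auth` argument.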