CVE-2025-65843
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-18
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| acustica-audio | aquarius | 3.0.069 |
| acustica_audio | aquarius_desktop | 3.0.069 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
Aquarius Desktop 3.0.069 for macOS has a vulnerability in its support data archive generation feature where it follows symbolic links inside the ~/Library/Logs/Aquarius directory as if they were regular files. This means that when the application builds the support ZIP file, it recursively enumerates logs and writes file data without checking if the files are actually symbolic links. A local attacker can exploit this by placing symlinks to arbitrary filesystem locations, potentially causing unauthorized disclosure or modification of files. If combined with a related privilege escalation issue, even root-owned files could be exposed.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure or modification of arbitrary files on the affected system. A local attacker could exploit it to access sensitive information or alter files they should not have access to. If combined with a privilege escalation vulnerability, it could expose even root-owned files, significantly increasing the risk and impact.
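The following is an added example, not code from Acustica Audio or from this advisory: a support-archive builder that performs the symlink check the description says is missing when a log directory is enumerated recursively. The function name `build_support_zip` and the sample paths are hypothetical, and the sample tree is constructed for illustration.

```python
import os
import stat
import tempfile
import zipfile


def build_support_zip(log_dir, zip_path):
    """Archive only regular files under log_dir; return (added, skipped)."""
    added, skipped = [], []
    # Refuse a log directory that has itself been replaced by a symlink.
    if not stat.S_ISDIR(os.lstat(log_dir).st_mode):
        raise ValueError(f"{log_dir} is not a real directory")
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        # followlinks=False: os.walk lists symlinked dirs but never enters them.
        for root, dirs, files in os.walk(log_dir, followlinks=False):
            for name in dirs:
                full = os.path.join(root, name)
                if os.path.islink(full):
                    skipped.append(os.path.relpath(full, log_dir))
            for name in files:
                full = os.path.join(root, name)
                rel = os.path.relpath(full, log_dir)
                try:
                    # O_NOFOLLOW fails on a symlink at open time, so there is
                    # no gap between "check" and "read". O_NONBLOCK avoids
                    # hanging on a planted FIFO.
                    fd = os.open(full, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
                except OSError:
                    skipped.append(rel)
                    continue
                with os.fdopen(fd, "rb") as fh:
                    # Inspect the opened descriptor, not the path.
                    if not stat.S_ISREG(os.fstat(fh.fileno()).st_mode):
                        skipped.append(rel)
                        continue
                    zf.writestr(rel, fh.read())
                    added.append(rel)
    return sorted(added), sorted(skipped)


if __name__ == "__main__":
    # Constructed sample tree: one real log plus one symlink pointing outside.
    base = tempfile.mkdtemp()
    logs = os.path.join(base, "Logs")
    os.makedirs(logs)
    with open(os.path.join(logs, "app.log"), "w") as f:
        f.write("started\n")
    os.symlink("/etc/hosts", os.path.join(logs, "leak.log"))
    print(build_support_zip(logs, os.path.join(base, "support.zip")))
```

`O_NOFOLLOW` only protects the final path component, so the archive should be written outside the log directory and the skipped list is worth logging as a tamper signal.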