CVE-2025-66004
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-10

Last updated on: 2025-12-10

Assigner: SUSE

Description
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-10
Last Modified
2025-12-10
Generated
2026-06-16
AI Q&A
2025-12-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66004
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apple usbmuxd *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-35 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Path Traversal issue in the usbmuxd service that allows local users to escalate their privileges to the service user. It affects versions of usbmuxd before the commit 3ded00c9985a5108cfc7591a309f9a23d57a8cba.

Impact Analysis

The vulnerability can allow a local user to escalate their privileges to those of the usbmuxd service user, potentially enabling unauthorized actions or access within the system.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable usbmuxd daemon version (before commit 3ded00c9985a5108cfc7591a309f9a23d57a8cba) and by monitoring the world-writable UNIX socket at /var/run/usbmuxd for suspicious SavePairRecord messages containing path traversal payloads. You can check the usbmuxd version by running commands like `usbmuxd -V` or inspecting the package version installed. Additionally, monitoring or auditing the /var/run/usbmuxd socket for unexpected write operations or unusual plist files being created or modified with relative paths could indicate exploitation attempts. Specific commands might include: `ls -l /var/run/usbmuxd` to verify socket permissions, `ps aux | grep usbmuxd` to check running daemon version, and using audit tools like `auditctl` to watch file operations on relevant plist files. However, no explicit detection commands or scripts are provided in the resources. [1]

Mitigation Strategies

Immediate mitigation steps include updating usbmuxd to a version that includes the fix (commit 3ded00c9985a5108cfc7591a309f9a23d57a8cba or later) where the pair_record_id input is sanitized and validated to prevent path traversal. Additionally, reconsider the security implications of having a world-writable UNIX socket at /var/run/usbmuxd by restricting its permissions to prevent unprivileged users from sending malicious messages. If an update is not immediately available, temporarily restricting access to the socket or disabling the usbmuxd service until patched can reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66004. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart