CVE-2025-9815

Опубликовано: 02 сент. 2025

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.

Ссылки

https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md
Exploit
Third Party Advisory
https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.322142
Permissions Required
VDB Entry
https://vuldb.com/?id.322142
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.641358
Third Party Advisory
VDB Entry
https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md
Exploit
Third Party Advisory
https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:alaneuler:batterykid:*:*:*:*:*:*:*:*

Версия до 2.1 (включая)

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00067

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-287

CWE-306

Связанные уязвимости

GHSA-g336-gvx8-vrrh