Overview
CVE-2025-65841 describes a critical vulnerability found in Aquarius Desktop version 3.0.069 for macOS. This vulnerability allows for potential account takeover due to the insecure storage of user authentication credentials. The application employs a weak obfuscation scheme that can be easily reversed, enabling attackers to recover plaintext passwords.
Technical Details
Aquarius Desktop 3.0.069 stores user credentials within the ~/Library/Application Support/Aquarius/aquarius.settings file. The password “encryption” is implemented through a simple and predictable byte-substitution algorithm. This rudimentary obfuscation is easily bypassed, allowing an attacker with access to the aquarius.settings file to recover the user’s plaintext password with minimal effort.
The specific weakness lies in the predictable nature of the byte substitution. Reverse engineering the application reveals the substitution table, enabling immediate decryption of the stored password. No cryptographic best practices are followed.
CVSS Analysis
(As the CVSS score is N/A, a hypothetical analysis is provided based on the vulnerability’s impact)
While the CVE lists the CVSS score as N/A, given the nature of the vulnerability, a realistic CVSS score would likely be in the Critical range. The vulnerability allows for complete account takeover, leading to a high impact on confidentiality, integrity, and availability. A hypothetical CVSS v3.1 score could be 9.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a highly exploitable local vulnerability with significant consequences.
Possible Impact
Successful exploitation of CVE-2025-65841 can have severe consequences:
- Account Takeover: An attacker can gain complete control of the victim’s Aquarius account.
- Unauthorized Access to Cloud-Synchronized Data: The attacker can access any data synchronized to the Aquarius cloud services.
- Authenticated Actions: The attacker can perform any authenticated actions as the compromised user, including purchases, data modification, and other potentially damaging activities.
- Import Stolen Configuration: The attacker can import the stolen aquarius.settings file into their own Aquarius client, effectively cloning the victim’s account.
Mitigation or Patch Steps
The primary mitigation step is to update to a patched version of Aquarius Desktop for macOS. Acustica Audio (the vendor) should release a version that implements proper encryption or secure storage of user credentials.
Workarounds (Until a Patch is Available):
- Change Your Password: Change your Aquarius account password via the Acustica Audio website. This may invalidate the stored (vulnerable) credentials.
- Monitor for Suspicious Activity: Keep a close eye on your Aquarius account activity for any unauthorized access or changes.
- Restrict File Access: Limit access to the ~/Library/Application Support/Aquarius/aquarius.settings file to only the user account running Aquarius Desktop. However, this does not prevent local exploitation by a privileged user.
Note: Changing the password via the website is the best workaround as it might invalidate the currently stored password and force a new (hopefully securely stored) password upon the next login to the desktop application.
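The "Restrict File Access" workaround above, as an added example that is not part of the original advisory or any vendor guidance: a POSIX shell check that reports whether the settings file is reachable by anyone other than its owner and tightens it to mode 600. The path is the one given above; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the Aquarius settings file named in the advisory.
# Function names are this example's own, not part of any Aquarius tooling.
SETTINGS="${HOME}/Library/Application Support/Aquarius/aquarius.settings"

# Print the six group/other permission characters (e.g. "r--r--"),
# read from `ls -ld` so the check works on both macOS and Linux.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the file is owner-only, 1 if exposed, 2 if it does not exist.
audit_settings() {
    f="$1"
    if [ ! -e "$f" ]; then echo "not found: $f"; return 2; fi
    if [ -L "$f" ]; then echo "WARN: $f is a symlink"; return 1; fi
    if [ ! -O "$f" ]; then echo "WARN: $f is owned by another user"; return 1; fi
    bits=$(group_other_bits "$f")
    if [ "$bits" != "------" ]; then
        echo "EXPOSED: $f grants group/other access ($bits)"
        return 1
    fi
    echo "OK: $f is accessible only by its owner"
}

# Apply the workaround: owner read/write only.
harden_settings() {
    chmod 600 "$1"
}

# Stand-alone use: check the real file and tighten it if needed.
if [ -e "$SETTINGS" ]; then
    audit_settings "$SETTINGS" || { harden_settings "$SETTINGS" && audit_settings "$SETTINGS"; }
fi
```

Mode 600 only shuts out other unprivileged accounts; any process running as the same user, or as a privileged user, can still read the file, so the password change remains the stronger workaround.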
References
Acustica Audio Official Website
Aquarius Website
AlmightySec – Account Takeover via Weak Encryption Analysis
