  • Cybersecurity Vulnerabilities

    Aquarius HelperTool macOS Vulnerability: Escalating to Root (CVE-2025-65842)

    Overview: CVE-2025-65842 details a significant local privilege escalation vulnerability found within the Aquarius HelperTool (version 1.0.003) on macOS. This flaw allows a local attacker to gain root privileges on the system. The vulnerability stems from insecure handling of XPC connections and improper authorization checks within the HelperTool’s privileged XPC service. Technical Details: The Aquarius HelperTool utilizes an XPC service to perform privileged operations. The core of the vulnerability lies in the following: Unvalidated XPC Connections: The service accepts XPC connections from any local process without properly validating the client’s identity. This means any application running on the system can initiate…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in Aquarius Desktop: Account Takeover via Weak Encryption (CVE-2025-65841)

    Overview: CVE-2025-65841 describes a critical vulnerability found in Aquarius Desktop version 3.0.069 for macOS. This vulnerability allows for potential account takeover due to the insecure storage of user authentication credentials. The application employs a weak obfuscation scheme that can be easily reversed, enabling attackers to recover plaintext passwords. Technical Details: Aquarius Desktop 3.0.069 stores user credentials within the ~/Library/Application Support/Aquarius/aquarius.settings file. The password “encryption” is implemented through a simple and predictable byte-substitution algorithm. This rudimentary obfuscation is easily bypassed, allowing an attacker with access to the aquarius.settings file to recover the user’s plaintext password with minimal effort. The specific weakness…

  • Cybersecurity Vulnerabilities

    CVE-2025-62686: Critical Security Flaw in Plugin Alliance Installation Manager Exposes macOS Users

    Overview: CVE-2025-62686 describes a local privilege escalation vulnerability found in the Plugin Alliance InstallationHelper service, which is bundled with Plugin Alliance Installation Manager version 1.4.0 on macOS. This vulnerability allows a malicious local user to potentially gain elevated privileges on the system. Technical Details: The root cause of this vulnerability lies in the lack of proper security hardening of the InstallationHelper service. Specifically: Missing Hardened Runtime: The InstallationHelper service lacks a hardened runtime, which would provide additional security protections against code injection and other attacks. Absence of __RESTRICT Segment: The absence of a __RESTRICT segment in the binary allows for…

  • Cybersecurity Vulnerabilities

    CVE-2025-55076: Unveiling a Root Privilege Escalation in Plugin Alliance Installation Manager

    Overview: CVE-2025-55076 is a local privilege escalation vulnerability affecting the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. This flaw allows a malicious local user to potentially gain root privileges on the affected system. The vulnerability stems from the service’s acceptance of unauthenticated XPC connections and the subsequent execution of user-supplied input via the system() call. Technical Details: The Plugin Alliance Installation Manager utilizes the InstallationHelper service to perform tasks requiring elevated privileges. However, version 1.4.0 of this service is vulnerable due to the following: Unauthenticated XPC Connections: The InstallationHelper service accepts XPC (Inter-Process Communication) connections without…

  • Cybersecurity Vulnerabilities

    Exynos Camera Nightmare: CVE-2025-54326 Exposes Samsung Devices to Denial-of-Service Attacks

    Overview: CVE-2025-54326 describes a denial-of-service vulnerability affecting the camera driver within Samsung Mobile Processor Exynos 1280 and 2200. This vulnerability arises from the unnecessary registration of a hardware IP address within the camera device driver, which can lead to a NULL pointer dereference. Exploitation of this flaw can result in a denial of service, potentially rendering the camera functionality unusable. Technical Details: The root cause of CVE-2025-54326 lies in how the Camera device driver manages hardware IP address registration. Specifically, under certain conditions, the driver attempts to register an IP address that is not properly initialized. When the driver subsequently…

  • Cybersecurity Vulnerabilities

    Critical Vulnerability in GZDoom: CVE-2025-54065 Allows Arbitrary Code Execution

    Overview: CVE-2025-54065 is a high-severity vulnerability affecting GZDoom, a popular feature-centric port for all Doom engine games. This vulnerability, reported on December 3rd, 2025, stems from insecure handling of ZScript actor states and can lead to arbitrary code execution on affected systems. Exploitation of this vulnerability allows attackers to gain complete control over the system running GZDoom. Technical Details: The vulnerability lies within GZDoom’s ZScript scripting engine, specifically how actor states are handled. Versions 4.14.2 and earlier are vulnerable. The issue arises because ZScript actor state handling allows scripts to perform the following malicious actions: Read arbitrary memory addresses. Write…

  • Cybersecurity Vulnerabilities

    CVE-2025-53965: Critical Vulnerability Uncovered in Samsung Exynos Processors

    Overview: CVE-2025-53965 is a security vulnerability discovered in a range of Samsung Exynos processors and modems. This flaw affects devices utilizing Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The vulnerability lies in the handling of SOR (Samsung Object Runtime) transparent containers, specifically a lack of proper bounds checking during the decoding process. This can potentially lead to a fatal error and impact device stability. Technical Details: The core of the issue resides within the function responsible for decoding SOR transparent containers. Insufficient bounds checking…

  • Cybersecurity Vulnerabilities

    CVE-2025-34319: Critical Command Injection Vulnerability Exposes TOTOLINK N300RT Routers

    Overview: CVE-2025-34319 describes a critical OS command injection vulnerability affecting TOTOLINK N300RT wireless routers. This vulnerability allows an unauthenticated attacker to execute arbitrary commands on the router’s operating system. Firmware versions prior to V3.4.0-B20250430 are affected, with the vulnerability being discovered in version V2.1.8-B20201030.1539. Technical Details: The vulnerability resides in the Boa web server’s handling of the formWsc functionality. Specifically, the targetAPSsid request parameter is susceptible to command injection. An attacker can craft a malicious HTTP request containing shell metacharacters within the targetAPSsid parameter. When processed by the vulnerable firmware, these metacharacters are interpreted as OS commands, leading to arbitrary…

  • Cybersecurity Vulnerabilities

    CVE-2025-20389: Client-Side DoS in Splunk Secure Gateway – Are You Affected?

    Overview: CVE-2025-20389 describes a medium-severity client-side Denial of Service (DoS) vulnerability found in Splunk Secure Gateway when used with Splunk Enterprise and Splunk Cloud Platform. This vulnerability allows a low-privileged user without “admin” or “power” roles to craft a malicious payload within the `label` column field when adding a new device. This crafted payload can then trigger a DoS condition within the application’s client-side components. Technical Details: The vulnerability resides in the Splunk Secure Gateway app’s device management functionality. A low-privileged user can add a new device and, critically, manipulate the `label` field to include a payload designed to consume…

  • Cybersecurity Vulnerabilities

    CVE-2025-20388: Splunk Authentication Flaw Exposes Internal Network Information

    Overview: CVE-2025-20388 is a low-severity vulnerability affecting Splunk Enterprise and Splunk Cloud Platform. It allows a user with the change_authentication capability to potentially enumerate internal IP addresses and network ports when adding new search peers to a Splunk search head in a distributed environment. This vulnerability could be exploited to gather information about the internal network infrastructure. Technical Details: The vulnerability exists because a user possessing the change_authentication capability, when adding a search peer, can trigger functionality that exposes internal network details. Specifically, the process of adding a new search peer involves communication with that peer, and the way this…