← Retour aux CVEs

CVE-2025-9815

HIGH

7.8

Description

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.

Details CVE

Score CVSS v3.17.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueLOCAL

ComplexiteLOW

Privileges requisLOW

Interaction utilisateurNONE

Publie9/2/2025

Derniere modification4/29/2026

Sourcenvd

Observations honeypot0

Produits affectes

alaneuler:batterykidapple:macos

Faiblesses (CWE)

CWE-287CWE-306CWE-306

References

https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md(cna@vuldb.com)

https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts(cna@vuldb.com)

https://vuldb.com/?ctiid.322142(cna@vuldb.com)

https://vuldb.com/?id.322142(cna@vuldb.com)

https://vuldb.com/?submit.641358(cna@vuldb.com)

https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.