CVE-2025-10672

Summary

A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used.

Affected Software

VendorProductVersion RangeStatus
whuan132AIBattery1.0.0affected
whuan132AIBattery1.0.1affected
whuan132AIBattery1.0.2affected
whuan132AIBattery1.0.3affected
whuan132AIBattery1.0.4affected
whuan132AIBattery1.0.5affected
whuan132AIBattery1.0.6affected
whuan132AIBattery1.0.7affected
whuan132AIBattery1.0.8affected
whuan132AIBattery1.0.9affected

Weaknesses

  • CWE-306: Missing Authentication
  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References