CVE-2025-9815
8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Summary
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| alaneuler | batteryKid | 2.0 | affected |
| alaneuler | batteryKid | 2.1 | affected |
Weaknesses
- CWE-306: Missing Authentication
- CWE-287: Improper Authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
- https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md
- https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts
References
- https://vuldb.com/?id.322142
- https://vuldb.com/?ctiid.322142
- https://vuldb.com/?submit.641358
- https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md
- https://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.