CVE-2025-55076
Last modified
CVE-2025-55076 is a medium-severity vulnerability rated 6.2/10 on the CVSS scale. A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Plugin-Alliance | Installation Manager | 1.4.0 |
References
- https://almightysec.com/plugin-alliance-helpertool-xpc-service-local-privilege-escalation/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-55076?
How severe is CVE-2025-55076?
How do I fix CVE-2025-55076?
Are you affected by CVE-2025-55076?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST