CNNVD-202509-2568 Information

CNNVD ID

CNNVD-202509-2568

CVE-2025-10016

  • CNNVD Published: 2025-09-16

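Description (translated from Chinese)

Sparkle is an open-source software update framework for macOS from the Sparkle Project. Versions of Sparkle before 2.7.2 contain a security vulnerability that stems from missing client authentication and may lead to local privilege escalation to root.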

Description (English)

Sparkle is an open-source software update framework for macOS developed by the Sparkle Project. Versions prior to Sparkle 2.7.2 contain a vulnerability that stems from a lack of client authentication and could allow a local privilege escalation to root.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Sparkle Project

Published

2025-09-16

Last Modified

2026-02-24

References

  • https://github.com/sparkle-project/Sparkle/discussions/2764
  • https://cert.pl/en/posts/2025/09/CVE-2025-10015
  • https://access.redhat.com/security/cve/cve-2025-10016

Patch

https://github.com/sparkle-project/Sparkle/releases
