CNNVD-202509-2569 Information

CNNVD ID

CNNVD-202509-2569

Related CVE

CVE-2025-10015

• CNNVD Published: 2025-09-16

Description (Chinese)

Sparkle是Sparkle Project开源的一个macOS的软件更新框架。 Sparkle 2.7.2之前版本存在安全漏洞，该漏洞源于未验证连接客户端，可能导致复制TCC保护文件到任意位置。

Description (English)

Sparkle is a MacOS software update framework for Sparkle Projects. Prior to Sparkle 2.7.2, there was a security loophole, which originated from unverified connections to the client, which could lead to the copying of TC files to any location.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Sparkle Project

Published

2025-09-16

Last Modified

2026-02-24

References

https://github.com/sparkle-project/Sparkle/discussions/2764 https://cert.pl/en/posts/2025/09/CVE-2025-10015 https://access.redhat.com/security/cve/cve-2025-10015

Patch

https://github.com/sparkle-project/Sparkle/releases