CNNVD-202512-366 Information

CNNVD ID

CNNVD-202512-366

Related CVE

CVE-2025-65842

• CNNVD Published: 2025-12-03

Description (Chinese)

Plugin Alliance Aquarius HelperTool是美国Plugin Alliance公司的一个音频插件辅助工具。 Plugin Alliance Aquarius HelperTool 1.0.003版本存在安全漏洞，该漏洞源于XPC服务未验证客户端身份且授权逻辑存在缺陷，可能导致本地权限提升。

Description (English)

Plugin Alliance Aquarus HelperTool is an audio plugin support tool for Plugin Alliance in the United States. There is a security loophole in the version Plugin Alliance Aquarius HelpTool 1.0.003, which stems from the failure of the XPC service to verify the client ’ s identity and from deficiencies in the authorization logic, which may lead to the upgrading of local privileges.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Plugin Alliance

Published

2025-12-03

Last Modified

2026-02-24

References

https://almightysec.com/helpertool-xpc-service-local-privilege-escalation/ https://access.redhat.com/security/cve/cve-2025-65842