CVE-2025-8533 Information
Aug 08, 2025
cve
Description
A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method unconditionally accepting requests from any local process. As a result any local unprivileged process could connect to the XPC service and access its methods.
This issue has been resolved in version 4.0.16.
Reference
https://cert.pl/en/posts/2025/08/CVE-2025-8533 https://flexibits.com/fantastical
Related CNNVD
CNNVD-202508-656 (Published: 2025-08-07)
Share on: