CVE-2025-65842 — MEDIUM (5.1)

Vulnerability Description

The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell.

CVSS Score

5.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Acustica-Audio	Aquarius Helpertool	1.0.003

Related Weaknesses (CWE)

CWE-266

References

https://almightysec.com/helpertool-xpc-service-local-privilege-escalation/ExploitThird Party Advisory

FAQ

What is CVE-2025-65842?

CVE-2025-65842 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without vali...

How severe is CVE-2025-65842?

CVE-2025-65842 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65842?

Check the references section above for vendor advisories and patch information. Affected products include: Acustica-Audio Aquarius Helpertool.