CVE-2025-25364 Speedify VPN MacOS privilege Escalation

blog.securelayer7.net

cross-posted to:
netsec
netsec
netsec
netsec
netsec

CVE-2025-25364 Speedify VPN MacOS privilege Escalation

blog.securelayer7.net

botM to Security DiscussionsEnglish · 2 days ago

cross-posted to:
netsec
netsec
netsec
netsec
netsec

CVE-2025-25364: Speedify VPN MacOS privilege Escalation

blog.securelayer7.net

SecureLayer7 discovered CVE-2025-25364, which is a critical command injection vulnerability discovered in the me.connectify.SMJobBlessHelper XPC service, a privileged helper tool used by Speedify VPN on macOS. This service, which runs with elevated (root) privileges, is responsible for performing system-level operations such as managing network settings. Due to improper input validation of user-controlled fields (cmdPath and...

You must log in or register to comment.

Chat