Tag: cwe-862

  • CVE-2025-31194: Critical Vulnerability in Apple macOS – Admin Privileges without Authentication

    CVE-2025-31194: Critical Vulnerability in Apple macOS

    A critical vulnerability has been discovered in Apple’s macOS operating system, tracked as CVE-2025-31194. This flaw allows an app’s shortcut to run with admin privileges without proper authentication, posing a significant security risk. The issue affects versions of macOS prior to 15.4 and has been addressed in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5.

    Details of the Vulnerability

    This vulnerability arises from an authentication issue in macOS that allows shortcuts to bypass necessary permission checks. An attacker could exploit this flaw to elevate the privileges of a shortcut, enabling it to perform actions that should require admin authentication. This privilege escalation can lead to unauthorized access to system resources, potentially compromising the integrity and security of the system.

    Apple has resolved this issue by implementing improved state management and authentication checks. With these enhancements, only properly authenticated shortcuts will be able to access administrative privileges, significantly reducing the risk of exploitation.

    CVSS Score and Impact

    The CVSS v3.1 score for CVE-2025-31194 is 9.8, indicating a critical vulnerability. The key details of the CVSS score are as follows:

    • Attack Vector (AV): Network – The vulnerability can be exploited remotely.
    • Attack Complexity (AC): Low – The exploit does not require complex conditions to execute.
    • Privileges Required (PR): None – No special privileges are needed to exploit the vulnerability.
    • User Interaction (UI): None – The exploit can occur without user interaction.
    • Confidentiality Impact (C): High – Sensitive user data could be accessed by the attacker.
    • Integrity Impact (I): High – The attacker can alter system data.
    • Availability Impact (A): High – The attacker can cause system disruptions.

    Mitigation

    Apple has addressed the issue by adding restrictions and improving shortcut permission validation. Users are strongly encouraged to update to a fixed release (macOS Ventura 13.7.5, macOS Sequoia 15.4, or macOS Sonoma 14.7.5) to protect against this critical vulnerability.

    Conclusion

    The CVE-2025-31194 vulnerability underscores the importance of robust authentication and access control mechanisms in macOS systems. Users of affected Apple devices should apply the latest security updates immediately to mitigate the risk of exploitation and safeguard sensitive information from unauthorized access.

  • CVE-2025-1307: Critical Arbitrary File Upload in Newscrunch WordPress Theme

    Overview

    CVE-2025-1307 is a critical vulnerability in the Newscrunch theme for WordPress, affecting all versions up to and including 1.8.4. The issue allows authenticated users with Subscriber-level access or higher to upload arbitrary files to the server, potentially leading to full remote code execution.

    Technical Details

    The vulnerability stems from a missing capability check in the newscrunch_install_and_activate_plugin() function. This function fails to properly verify the permissions of the user invoking it. As a result, even low-privileged users, such as Subscribers, can exploit the flaw to upload malicious files—including PHP scripts—directly to the web server.

    This type of vulnerability is categorized as CWE-862: Missing Authorization. It demonstrates how insufficient access control can elevate minimal user privileges into a full-blown compromise, especially when combined with file upload functionality that lacks validation or execution restrictions.

    CVSS Score

    The issue has been scored as 9.8 (Critical) using CVSS v3.1:

    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
    • Impact: High (Confidentiality, Integrity, Availability)

    Impacted Versions

    The vulnerability affects all versions of the Newscrunch theme up to and including 1.8.4. This includes default installations where subscriber accounts are enabled.

    Mitigation

    • Update the Newscrunch theme to the latest version that includes a fix for this issue.
    • Restrict user registration or limit file upload capabilities for non-admin roles as a temporary measure.
    • Scan your server for suspicious uploaded files, especially PHP scripts in non-standard directories.
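
    An added example (not from the original advisory or the theme's code) for the scanning step above: a Python scanner that walks wp-content/uploads and flags files with a PHP-handled extension, a PHP extension hidden before the final one, or a PHP open tag in the content. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions that web servers commonly hand to the PHP interpreter.
# Assumed list: align it with your own server's handler configuration.
PHP_EXTS = {"php", "phtml", "phar", "pht", "php5", "php7"}

def has_php_tag(path, limit=65536):
    """True if the first `limit` bytes contain a PHP open tag."""
    try:
        with open(path, "rb") as fh:
            return b"<?php" in fh.read(limit).lower()
    except OSError:
        return False

def find_suspicious_uploads(wp_root, subdir="wp-content/uploads"):
    """Return sorted (relative_path, reason) pairs for PHP-like files in uploads."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(wp_root, subdir)):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, wp_root).replace(os.sep, "/")
            exts = name.lower().split(".")[1:]
            if exts and exts[-1] in PHP_EXTS:
                findings.append((rel, "php-extension"))
            elif any(e in PHP_EXTS for e in exts[:-1]):
                findings.append((rel, "php-inner-extension"))
            elif has_php_tag(full):
                findings.append((rel, "php-open-tag"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: a tiny fake WordPress tree for the demo."""
    samples = {
        "wp-content/uploads/2025/03/photo.jpg": b"\xff\xd8\xff\xe0 jpeg bytes",
        "wp-content/uploads/2025/03/helper.php": b"<?php // placeholder ?>",
        "wp-content/uploads/2025/03/image.php.jpg": b"not an image",
        "wp-content/uploads/cache/notes.txt": b"text <?PHP echo 1; ?>",
        "wp-content/themes/newscrunch/functions.php": b"<?php // theme code",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in find_suspicious_uploads(tmp):
            print(f"{reason:20} {rel}")
```

    Point find_suspicious_uploads() at the site's document root to scan a real install; each hit is a lead for manual review, not proof of compromise.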

    Conclusion

    This vulnerability is a reminder that themes and plugins must rigorously enforce capability checks, particularly when implementing file upload or plugin management features. Site administrators using Newscrunch should patch immediately and audit any low-privilege accounts for unusual activity.

    Thanks to Chloe Chamberland for identifying and reporting this vulnerability. More details can be found in the Wordfence advisory.