FKIE_CVE-2025-4960

Vulnerability from fkie_nvd - Published: 2026-02-19 07:17 - Updated: 2026-04-15 00:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.
References
41c37e40-543d-43a2-b660-2fee83ea851ahttps://pentraze.com/vulnerability-reports/
41c37e40-543d-43a2-b660-2fee83ea851ahttps://pentraze.com/vulnerability-reports/cve-2025-4960/
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS\u2019s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system\u2019s authorization database (/var/db/auth.db).\n\n\nThese rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials."
    },
    {
      "lang": "es",
      "value": "La herramienta com.epson.InstallNavi.helper, desplegada con el instalador del controlador de impresora EPSON, contiene una vulnerabilidad de escalada de privilegios local debido a m\u00faltiples fallos en su implementaci\u00f3n. No autentica correctamente a los clientes a trav\u00e9s del protocolo XPC y no aplica correctamente el modelo de autorizaci\u00f3n de macOS, exponiendo funcionalidad privilegiada a usuarios no confiables. Aunque invoca la API AuthorizationCopyRights, lo hace utilizando derechos personalizados excesivamente permisivos que registra en la base de datos de autorizaci\u00f3n del sistema (/var/db/auth.db).\n\nEstos derechos pueden ser solicitados y concedidos por el demonio de autorizaci\u00f3n a cualquier usuario local, independientemente del nivel de privilegio. Como resultado, un atacante puede explotar el servicio vulnerable para realizar operaciones privilegiadas, como ejecutar comandos arbitrarios o instalar componentes del sistema sin requerir credenciales administrativas."
    }
  ],
  "id": "CVE-2025-4960",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "41c37e40-543d-43a2-b660-2fee83ea851a",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-19T07:17:38.137",
  "references": [
    {
      "source": "41c37e40-543d-43a2-b660-2fee83ea851a",
      "url": "https://pentraze.com/vulnerability-reports/"
    },
    {
      "source": "41c37e40-543d-43a2-b660-2fee83ea851a",
      "url": "https://pentraze.com/vulnerability-reports/cve-2025-4960/"
    }
  ],
  "sourceIdentifier": "41c37e40-543d-43a2-b660-2fee83ea851a",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "41c37e40-543d-43a2-b660-2fee83ea851a",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.