Local Privilege Escalation Vulnerability in EPSON Printer Driver Installer
CVE-2025-4960
What is CVE-2025-4960?
The com.epson.InstallNavi.helper tool, part of the EPSON printer driver installer, is susceptible to a local privilege escalation issue due to multiple implementation flaws. The tool inadequately authenticates clients via the XPC protocol, failing to uphold the authorization model in macOS. This inadequacy allows unauthorized users to access privileged functionalities. Notably, the tool uses the AuthorizationCopyRights API but employs overly permissive custom rights registered in the system’s authorization database, enabling any local user to request these rights. Consequently, this vulnerability permits attackers to execute arbitrary commands or install system components without the need for administrative credentials.
Affected Version(s)
EPSON Printer Controller Installer MacOS 0 <= 1.0.0
