Local Privilege Escalation Vulnerability in EPSON Printer Driver Installer
CVE-2025-4960

7.8HIGH

Key Information:

Vendor

Epson

Vendor
CVE Published:
19 February 2026

What is CVE-2025-4960?

The com.epson.InstallNavi.helper tool, part of the EPSON printer driver installer, is susceptible to a local privilege escalation issue due to multiple implementation flaws. The tool inadequately authenticates clients via the XPC protocol, failing to uphold the authorization model in macOS. This inadequacy allows unauthorized users to access privileged functionalities. Notably, the tool uses the AuthorizationCopyRights API but employs overly permissive custom rights registered in the system’s authorization database, enabling any local user to request these rights. Consequently, this vulnerability permits attackers to execute arbitrary commands or install system components without the need for administrative credentials.

Affected Version(s)

EPSON Printer Controller Installer MacOS 0 <= 1.0.0

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Carlos Garrido of Pentraze Cybersecurity
.