Privilege Escalation in Canonical Multipass on macOS
CVE-2025-5199
7.3HIGH
What is CVE-2025-5199?
In Canonical Multipass, up to version 1.15.1 on macOS, a vulnerability exists due to incorrect default permissions. This allows local attackers to escalate their privileges by modifying files that are executed with administrative rights by a Launch Daemon during system initialization. The flaw can be exploited to gain unauthorized access to sensitive system resources, posing significant security risks.
Affected Version(s)
Multipass MacOS 0 < 1.16.0
References
CVSS V3.1
Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published