Dynamic Library Injection Vulnerability in Phoenix Code on macOS
CVE-2025-5255

4.8MEDIUM

Key Information:

Vendor

Core.ai

Status
Phoenix Code
Vendor
CVE Published:
20 June 2025

What is CVE-2025-5255?

The Phoenix Code on macOS has a vulnerability related to its configuration that facilitates Dynamic Library (Dylib) injection. This occurs due to certain entitlements granting local attackers, with unprivileged access, the ability to inject malicious code through environment variables such as DYLD_INSERT_LIBRARIES. Although the attack is limited to permissions already granted by users, it allows bypassing Transparency, Consent, and Control (TCC) policies. Importantly, any attempt to access additional resources beyond those previously authorized will provoke a user interaction prompt for permission. The vulnerability has been addressed in a recent code commit.

Affected Version(s)

Phoenix Code MacOS 0 <= 4.0.3

References

https://cert.pl/en/posts/2025/06/tcc-bypass/
third-party-advisory
https://phcode.dev/
product
https://github.com/phcode-dev/phoenix-desktop/pull/623/co...
patch

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek - Afine Team
.
CVE-2025-5255 : Dynamic Library Injection Vulnerability in Phoenix Code on macOS