Path Traversal Vulnerability in usbmuxd by Apple
CVE-2025-66004

5.1MEDIUM

Key Information:

Vendor: Libimobiledevice
Status: Usbmuxd
Vendor: CVE Published:; 10 December 2025

🔔 Create Libimobiledevice Vulnerability Alert

What is CVE-2025-66004?

A Path Traversal vulnerability in usbmuxd allows local users to gain unauthorized access by escalating privileges to the service user. This affects versions prior to 3ded00c9985a5108cfc7591a309f9a23d57a8cba, posing a significant security risk that enables malicious local users to execute actions as a more privileged system user.

Affected Version(s)

usbmuxd 0 < 3ded00c9985a5108cfc7591a309f9a23d57a8cba

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 10, 2025
Vulnerability Reserved
Nov 19, 2025

Credit

Wolfgang Frisch of SUSE

JSON