CVE-2025-4960

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://pentraze.com/vulnerability-reports/
https://pentraze.com/vulnerability-reports/cve-2025-4960/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La herramienta com.epson.InstallNavi.helper, desplegada con el instalador del controlador de impresora EPSON, contiene una vulnerabilidad de escalada de privilegios local debido a múltiples fallos en su implementación. No autentica correctamente a los clientes a través del protocolo XPC y no aplica correctamente el modelo de autorización de macOS, exponiendo funcionalidad privilegiada a usuarios no confiables. Aunque invoca la API AuthorizationCopyRights, lo hace utilizando derechos personalizados excesivamente permisivos que registra en la base de datos de autorización del sistema (/var/db/auth.db). Estos derechos pueden ser solicitados y concedidos por el demonio de autorización a cualquier usuario local, independientemente del nivel de privilegio. Como resultado, un atacante puede explotar el servicio vulnerable para realizar operaciones privilegiadas, como ejecutar comandos arbitrarios o instalar componentes del sistema sin requerir credenciales administrativas.

19 Feb 2026, 07:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 07:17

Updated : 2026-04-15 00:35

NVD link : CVE-2025-4960

Mitre link : CVE-2025-4960

CVE.ORG link : CVE-2025-4960

JSON object : View

Products Affected

No product.

CWE

CWE-863

Incorrect Authorization

7.8 /10