CVE-2025-5199

Published Jul 12, 2025

Last updated 3 days ago

Overview

Description: In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
Source: security@ubuntu.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.3
Impact score: 5.9
Exploitability score: 1.3
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@ubuntu.com: CWE-276

Hype score: Not currently trending

CVE-2025-5199 In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files execu… https://t.co/CmgngplOJd
@CVEnew
11 Jul 2025
511 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.