AIBattery CVE-2025-10672
Severity by source: HIGH
CVSS Vector (NVD): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. The exploit has been made public and could be used.
Analysis (AI)
Missing authentication in AIBattery's XPC service (versions up to 1.0.9) allows local authenticated attackers with low privileges to gain high-integrity access to battery management functions, potentially enabling unauthorized system configuration changes. The vulnerability affects the BatteryXPCService.swift component in com.collweb.AIBatteryHelper, with publicly available exploit code demonstrating the attack path. EPSS score of 0.02% (7th percentile) indicates low predicted exploitation probability in the wild, though the POC availability lowers the technical barrier for local attackers.
Technical Context (AI)
AIBattery is a macOS battery charge limiter utility that uses Apple's XPC (cross-process communication) framework for inter-process messaging. The vulnerability stems from CWE-287 (Improper Authentication) in the BatteryXPCService.swift file, where the XPC service endpoint fails to validate the calling process's identity or authorization before executing privileged operations. XPC services on macOS typically implement entitlement checks or code signature validation to ensure only authorized clients can invoke sensitive methods. The missing authentication allows any local process running with standard user privileges to invoke the battery helper's privileged functions without proper authorization checks, bypassing the intended security boundary between user-space applications and system-level battery management operations.
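One way a privileged helper can enforce the client check described above, as an added example that is not AIBattery's code and not taken from the advisory. The protocol, method, client identifier and team ID are hypothetical placeholders, and using com.collweb.AIBatteryHelper as the Mach service name is an assumption; the code relies on NSXPCConnection.setCodeSigningRequirement, available from macOS 13.

```swift
import Foundation

// Hypothetical interface: AIBattery's real XPC protocol is not shown on this page.
@objc protocol HelperProtocol {
    func setChargeLimit(_ percent: Int, withReply reply: @escaping (Bool) -> Void)
}

final class Helper: NSObject, HelperProtocol {
    func setChargeLimit(_ percent: Int, withReply reply: @escaping (Bool) -> Void) {
        // Validate arguments even when the caller has been authenticated.
        guard (20...100).contains(percent) else { reply(false); return }
        // The privileged operation would run here.
        reply(true)
    }
}

final class ListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Placeholder requirement: the client must be signed with an Apple-issued
    // certificate, carry this bundle identifier, and belong to this team.
    static let clientRequirement =
        "anchor apple generic and identifier \"com.example.client\" " +
        "and certificate leaf[subject.OU] = \"TEAMID0000\""

    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection connection: NSXPCConnection) -> Bool {
        // Fail closed on systems where the requirement cannot be enforced.
        guard #available(macOS 13.0, *) else { return false }

        // The system checks the peer's code signature against the requirement;
        // a peer that does not satisfy it has its connection invalidated
        // before any exported method runs.
        connection.setCodeSigningRequirement(Self.clientRequirement)

        connection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        connection.exportedObject = Helper()
        connection.resume()
        return true
    }
}

// Assumed Mach service name, taken from the component name in the advisory.
let delegate = ListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.collweb.AIBatteryHelper")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

A delegate that returns true without setting a requirement or otherwise verifying the peer is the pattern the CWE-287 classification describes.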
Affected Products (AI)
AIBattery versions up to and including 1.0.9 developed by whuan132 are affected. The vulnerability specifically impacts the macOS implementation of the com.collweb.AIBatteryHelper XPC service component. The GitHub POC repository (https://github.com/SwayZGl1tZyyy/n-days/blob/main/AIBattery-Charge-Limiter/README.md) identifies the BatteryXPCService.swift file in the AIBatteryHelper XPC component as the vulnerable code path. No CPE identifier has been assigned for this product in NVD records, and no vendor-specific product advisory URL is available in the provided references beyond the third-party VulDB entries (vuldb.com/?id.324793).
Remediation (AI)
Upgrade AIBattery to a version newer than 1.0.9 if the vendor has released a patched version addressing the XPC authentication bypass. As of this analysis, no vendor-released patch version has been independently confirmed in the provided data sources; users should monitor the official AIBattery GitHub repository (whuan132/AIBattery) for security updates. If no patch is available, implement compensating controls: restrict local user access to the macOS system running AIBattery using the principle of least privilege; disable or uninstall AIBattery if battery charge limiting is not operationally required; and monitor for unexpected XPC client connections to com.collweb.AIBatteryHelper using macOS Unified Logging (log stream --predicate 'process == "AIBatteryHelper"'). Note that removing the application eliminates the vulnerable XPC service but also removes battery management functionality. Organizations should assess whether the battery charge limiting feature justifies the authentication bypass risk in their threat model.