How to fix CVE-2025-4960?

Within 24 hours: Inventory all systems with EPSON printer drivers installed and assess which devices are business-critical. Within 7 days: Restrict installation privileges to administrator accounts only, disable the InstallNavi.helper service where possible, and apply Windows security updates to harden local privilege escalation vectors. Within 30 days: Monitor vendor communications for patch availability, consider alternative printer solutions if EPSON does not release timely remediation, and implement application whitelisting to prevent unauthorized execution of InstallNavi components.

Is macOS affected by CVE-2025-4960?

A local privilege escalation vulnerability in EPSON printer driver installers (CVE-2025-4960) could allow authenticated users to gain elevated system permissions, potentially compromising endpoint security and data integrity across organizations using affected EPSON devices.

CVE-2025-4960

HIGH

2026-02-19 41c37e40-543d-43a2-b660-2fee83ea851a

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:03 vuln.today

CVE Published

Feb 19, 2026 - 07:17 nvd

HIGH 7.8

Description

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.

Analysis

Technical Context

Classified as CWE-863 (Incorrect Authorization). The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s

Affected Products

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to mu

Remediation

Monitor vendor advisories for a patch.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

CVE-2025-4960 vulnerability details – vuln.today

Back

CVE-2025-4960

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-4960

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code