What is the CVSS score of CVE-2025-55076?

CVE-2025-55076 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Installation Manager are affected by CVE-2025-55076?

CVE-2025-55076 presents moderate security risk, a improper privilege management vulnerability rated CVSS 6.2. Attackers could gain access beyond their authorized level.

Is there a public PoC exploit available for CVE-2025-55076?

Yes, a public proof-of-concept exploit is available for CVE-2025-55076. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-55076?

Within 30 days: Identify affected systems running the InstallationHelper service included with Plugin Alliance and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Installation Manager CVE-2025-55076

EUVD-2025-200987 MEDIUM

Improper Privilege Management (CWE-269)

2025-12-03 cve@mitre.org

Privilege Escalation Apple Installation Manager macOS

6.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.2 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-200987

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Dec 18, 2025 - 20:56 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 17:15 nvd

MEDIUM 6.2

DescriptionCVE.org

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Analysis

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

CVE-2025-55076 vulnerability details – vuln.today

Back

Installation Manager CVE-2025-55076

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code