Severity by source
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the Privileged Helper gets instructed to execute this script. When the bash script is manipulated by an attacker this scenario will lead to privilege escalation.
AnalysisAI
Arturia Software Center on macOS installs plugin uninstall scripts with world-writable permissions (777) in root-owned directories, allowing local attackers to modify these scripts and achieve privilege escalation when the Privileged Helper executes them during plugin removal. This vulnerability affects any macOS user with the Arturia Software Center installed and requires local access and user interaction to exploit. No patch is currently available.
Technical ContextAI
The vulnerability stems from insecure file permission assignment during plugin installation in Arturia Software Center (cpe:2.3:a:arturia:software_center:*:*:*:*:*:*:*:*). When plugins are installed, an uninstall.sh bash script is created in a root-owned directory with world-writable permissions (mode 777), violating the principle of least privilege. The root cause is classified as CWE-276 (Incorrect Default File Permissions), which encompasses failures to properly restrict file access controls. During uninstallation, the Arturia Software Center invokes a Privileged Helper to execute this script with elevated privileges. Because the script resides in a world-writable location, any local user can modify its contents between creation and execution, enabling arbitrary command injection that runs with root privileges.
RemediationAI
Users should immediately upgrade Arturia Software Center to the latest patched version available from Arturia's official website or the Software Center application itself. The primary remediation is to obtain and install a patched version that corrects the file permissions of uninstall scripts to restrict write access to the owner only (mode 755 or 700). Until a patch is available, systems administrators can apply a workaround by manually reviewing and correcting permissions on existing uninstall.sh scripts in plugin directories (locate files with mode 777 and change them to 755), though this must be repeated after each plugin installation. Additionally, restricting installation of untrusted plugins and limiting local user access to systems running Arturia Software Center reduces the exploitation risk. Consult the vendor advisory at https://r.sec-consult.com/arturia for specific patched version numbers and additional guidance from Arturia.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12831