What is the CVSS score of EUVD-2025-200988?

EUVD-2025-200988 has a CVSS 3.1 base score of 6.2 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Installation Manager are affected by EUVD-2025-200988?

CVE-2025-62686 presents moderate security risk, a improper privilege management vulnerability rated CVSS 6.2. Attackers could gain access beyond their authorized level.

Is there a public PoC exploit available for EUVD-2025-200988?

Yes, a public proof-of-concept exploit is available for EUVD-2025-200988. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-200988?

Within 30 days: Identify affected systems running the Plugin Alliance InstallationHelper service included with and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Installation Manager EUVD-2025-200988

| CVE-2025-62686 MEDIUM

Improper Privilege Management (CWE-269)

2025-12-03 cve@mitre.org

Privilege Escalation Apple RCE Installation Manager macOS

6.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.2 MEDIUM

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-200988

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

PoC Detected

Dec 18, 2025 - 20:53 vuln.today

Public exploit code

CVE Published

Dec 03, 2025 - 17:15 nvd

MEDIUM 6.2

DescriptionCVE.org

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.

Analysis

Technical ContextAI

Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).

RemediationAI

Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).

EUVD-2025-200988 vulnerability details – vuln.today

Back

Installation Manager EUVD-2025-200988

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code