EUVD-2025-32624
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3Description
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.
Analysis
FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.
Technical Context
Privilege escalation allows a low-privileged user or process to gain elevated permissions beyond what was originally authorized. This vulnerability is classified as Improper Privilege Management (CWE-269).
Remediation
Apply the principle of least privilege. Keep systems patched. Monitor for suspicious privilege changes. Use mandatory access controls (SELinux, AppArmor).
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today