CVE-2025-2098

216.73.217.22

· Published 26/03/2025 16:15 · Modified 27/03/2025 16:45

Labels: CVE-2025-2098 2025-03-26 CVE-2025-2098 CWE-266 [email protected]

Essential information

Published: 26/03/2025 16:15
Modified: 27/03/2025 16:45
Author: —
Creator: —
CVSS: 8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
fast cad reader / fast cad reader	`cpe:2.3:a:fast_cad_reader:fast_cad_reader::::::macos::*`