In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
History

Tue, 26 Aug 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 26 Aug 2025 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
CPEs cpe:2.3:a:canonical:multipass:*:-:*:*:*:*:*:*

Mon, 14 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0001}


Fri, 11 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
Title LPE on Multipass for macOS
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published:

Updated: 2025-07-14T20:12:58.921Z

Reserved: 2025-05-26T12:29:30.522Z

Link: CVE-2025-5199

cve-icon Vulnrichment

Updated: 2025-07-14T14:45:23.208Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-12T00:15:23.460

Modified: 2025-08-26T18:37:22.187

Link: CVE-2025-5199

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:06:10Z