{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5995", "assignerOrgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "state": "PUBLISHED", "assignerShortName": "Canon_EMEA", "dateReserved": "2025-06-11T12:01:21.085Z", "datePublished": "2025-06-26T19:13:48.305Z", "dateUpdated": "2025-06-26T19:33:44.616Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Canon EOS Webcam Utility Pro", "vendor": "Canon USA Inc.", "versions": [{"lessThanOrEqual": "2.3d (2.3.29) (including)", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Isaac Ordonez"}], "datePublic": "2025-06-26T19:12:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."}], "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Not applicable"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.6, "baseSeverity": "MEDIUM", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "shortName": "Canon_EMEA", "dateUpdated": "2025-06-26T19:13:48.305Z"}, "references": [{"tags": ["vendor-advisory", "mitigation"], "url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os"}, {"tags": ["vendor-advisory"], "url": "https://www.canon-europe.com/psirt/advisory-information"}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_cemea", "x_cusa"], "title": "Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading to code execution and privilege escalation", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T19:30:42.502275Z", "id": "CVE-2025-5995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T19:33:44.616Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T19:30:42.502275Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T19:30:46.424Z"}}], "cna": {"tags": ["x_cemea", "x_cusa"], "title": "Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading to code execution and privilege escalation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Isaac Ordonez"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Not applicable"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Canon USA Inc.", "product": "Canon EOS Webcam Utility Pro", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3d (2.3.29) (including)"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "datePublic": "2025-06-26T19:12:00.000Z", "references": [{"url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os", "tags": ["vendor-advisory", "mitigation"]}, {"url": "https://www.canon-europe.com/psirt/advisory-information", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation.", "supportingMedia": [{"type": "text/html", "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "shortName": "Canon_EMEA", "dateUpdated": "2025-06-26T19:13:48.305Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5995", "state": "PUBLISHED", "dateUpdated": "2025-06-26T19:33:44.616Z", "dateReserved": "2025-06-11T12:01:21.085Z", "assignerOrgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "datePublished": "2025-06-26T19:13:48.305Z", "assignerShortName": "Canon_EMEA"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Canon EOS Webcam Utility Pro", "vendor": "Canon USA Inc.", "versions": [{"lessThanOrEqual": "2.3d (2.3.29) (including)", "status": "affected", "version": "0", "versionType": "custom"}]}], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."}, {"lang": "es", "value": "Canon EOS Webcam Utility Pro para MAC OS versi\u00f3n 2.3d (2.3.29) y anteriores contiene una vulnerabilidad de permisos de directorio incorrectos. Para explotar esta vulnerabilidad, un usuario malintencionado debe tener acceso de administrador. Un atacante podr\u00eda modificar el directorio, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y, en \u00faltima instancia, la escalada de privilegios."}], "id": "CVE-2025-5995", "lastModified": "2026-06-17T09:49:10.583", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-5995", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-06-26T19:30:42.502275Z", "version": "2.0.3"}}]}, "published": "2025-06-26T20:15:32.193", "references": [{"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "url": "https://www.canon-europe.com/psirt/advisory-information"}, {"source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os"}], "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "type": "Secondary"}]}

{}

{}