The vulnerability involves a privileged helper daemon called ntfshelperd, which is installed at system level to provide NTFS support on macOS. The daemon exposes an NSConnection service that runs with root privileges but does not perform any authentication or authorization checks for incoming requests. As a result, any local user can establish a connection to the daemon and invoke privileged operations, effectively elevating their privileges to root. This weakness aligns with CWE-732, which describes improper permissions for a privileged component.

The affected product is iBoysoft NTFS for Mac version 8.0.0. No other versions or products are listed in the CVE data. The vulnerability is only present in the stated version of the software on macOS, and any other version or platform should not be impacted unless otherwise reported.

The CVSS score of 8.5 indicates a high severity level. The EPSS score is reported as less than 1 %, suggesting a very low but non‑zero probability of exploitation in the current moment. The vulnerability is not listed in the CISA KEV catalog, which means there are no confirmed exploits yet. The likely attack vector is local: an attacker who can run code on the Mac (for example, a compromised application or a malicious user on the machine) can connect to the nsconnection service and trigger privileged actions without needing any additional credentials.