← back
CVE-2025-55076

CVE-2025-55076

CVSS 6.2 MEDIUMEPSS 0.2%CWE-269
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.2EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
03 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a