CVE-2025-10906

high

Description

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used.

References

https://vuldb.com/?submit.653994

https://vuldb.com/?id.325691

https://vuldb.com/?ctiid.325691

https://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md#proof-of-concept

https://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md

Details

Source: Mitre, NVD

Published: 2025-09-24

Updated: 2025-09-24

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.4

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High