CVE-2025-69604

high

Description

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

References

https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_v312_now_available

https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html

http://shirt.com

Details

Source: Mitre, NVD

Published: 2026-01-29

Updated: 2026-01-29

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High