{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66004", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "state": "PUBLISHED", "assignerShortName": "suse", "dateReserved": "2025-11-19T08:52:54.077Z", "datePublished": "2025-12-10T09:10:14.533Z", "dateUpdated": "2025-12-22T00:14:10.394Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "usbmuxd", "product": "usbmuxd", "vendor": "libimobiledevice", "versions": [{"lessThan": "3ded00c9985a5108cfc7591a309f9a23d57a8cba", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wolfgang Frisch of SUSE"}], "datePublic": "2025-11-27T16:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.<p>This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.</p>"}], "value": "A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 5.1, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "CWE-35: Path Traversal: '.../...//'", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-12-10T09:10:14.533Z"}, "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004"}], "source": {"discovery": "UNKNOWN"}, "title": "Local privilege escalation in usbmuxd from arbitrary local user to usbmux", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-10T16:58:27.959738Z", "id": "CVE-2025-66004", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:58:57.010Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00027.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-22T00:14:10.394Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00027.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-22T00:14:10.394Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66004", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-10T16:58:27.959738Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-10T16:58:52.964Z"}}], "cna": {"title": "Local privilege escalation in usbmuxd from arbitrary local user to usbmux", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Wolfgang Frisch of SUSE"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libimobiledevice", "product": "usbmuxd", "versions": [{"status": "affected", "version": "0", "lessThan": "3ded00c9985a5108cfc7591a309f9a23d57a8cba", "versionType": "custom"}], "packageName": "usbmuxd", "defaultStatus": "unaffected"}], "datePublic": "2025-11-27T16:50:00.000Z", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.", "supportingMedia": [{"type": "text/html", "value": "A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.<p>This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-35", "description": "CWE-35: Path Traversal: '.../...//'"}]}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-12-10T09:10:14.533Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66004", "state": "PUBLISHED", "dateUpdated": "2025-12-22T00:14:10.394Z", "dateReserved": "2025-11-19T08:52:54.077Z", "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "datePublished": "2025-12-10T09:10:14.533Z", "assignerShortName": "suse"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba."}], "id": "CVE-2025-66004", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 2.7, "source": "meissner@suse.de", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2025-12-10T09:15:47.427", "references": [{"source": "meissner@suse.de", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00027.html"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "meissner@suse.de", "type": "Secondary"}]}

{"bugzilla": {"description": "usbmuxd: usbmuxd: Path Traversal vulnerability allows local privilege escalation", "id": "2420941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420941"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-35", "details": ["A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.", "A local path traversal vulnerability in usbmuxd allows unprivileged users to send crafted messages to its world-writable UNIX socket, causing the daemon to create or delete files as the usbmux user. Due to insufficient validation of the PairRecordID field, attackers can escape the intended configuration directory, with a narrow race condition potentially enabling broader file overwrite. The issue is limited to local access and does not directly grant root privileges."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-66004", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "usbmuxd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "usbmuxd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "usbmuxd", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2025-12-10T09:10:14Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-66004\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-66004\nhttps://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004"], "statement": "This issue is best classified as a Moderate vulnerability rather than an Important flaw because its impact is constrained to a local privilege boundary and a non-root service account. Exploitation requires local access to the system and interaction with a UNIX socket, with no remote attack vector or user interaction involved. While the lack of input validation allows path traversal leading to file deletion or creation, these operations are performed as the usbmux user, not as root, and therefore do not directly compromise full system integrity. The potential extension to arbitrary file overwrite relies on a tight race condition (TOCTOU), which reduces reliability and exploit consistency. There is no direct confidentiality impact and no automatic escalation beyond the service\u2019s privilege scope, making the flaw security-relevant but limited in blast radius, aligning it with a medium (moderate) severity classification rather than a high-impact vulnerability.", "threat_severity": "Moderate"}

{"created": "2025-12-10T17:48:47.329021+00:00", "updated": "2025-12-10T17:48:47.329046+00:00", "vendors": ["libimobiledevice", "libimobiledevice$PRODUCT$libusbmuxd"]}