alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication_CVE-2025-9815

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.

Basic Information

ID CVE-2025-9815

Source VulDB

Published Sep 2, 2025 at 04:32

Affected Product

Vendor alaneuler

Product batteryKid

Version 2.0

Affected Versions alaneuler batteryKid 2.0
alaneuler batteryKid 2.1

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.",
    "published": "2025-09-02T04:32:06.302Z",
    "modified": "2025-09-02T04:32:06.302Z",
    "type": "cve",
    "title": "alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.322142\nhttps://vuldb.com/?ctiid.322142\nhttps://vuldb.com/?submit.641358\nhttps://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md\nhttps://github.com/SwayZGl1tZyyy/n-days/blob/main/batteryKid/README.md#proof-of-concepts",
    "id": "CVE-2025-9815",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "alaneuler batteryKid 2.0\nalaneuler batteryKid 2.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "batteryKid",
    "version": "2.0",
    "vendor": "alaneuler",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}