Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication_CVE-2025-10906

8.6 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used.

Basic Information

ID CVE-2025-10906

Source VulDB

Published Sep 24, 2025 at 13:02

Affected Product

Vendor Magnetism Studios

Product Endurance

Version 3.0

Affected Versions Magnetism Studios Endurance 3.0
Magnetism Studios Endurance 3.1
Magnetism Studios Endurance 3.2
Magnetism Studios Endurance 3.3.0

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used.",
    "published": "2025-09-24T13:02:06.114Z",
    "modified": "2025-09-24T13:02:06.114Z",
    "type": "cve",
    "title": "Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325691\nhttps://vuldb.com/?ctiid.325691\nhttps://vuldb.com/?submit.653994\nhttps://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md\nhttps://github.com/SwayZGl1tZyyy/n-days/blob/main/Endurance/README.md#proof-of-concept",
    "id": "CVE-2025-10906",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Magnetism Studios Endurance 3.0\nMagnetism Studios Endurance 3.1\nMagnetism Studios Endurance 3.2\nMagnetism Studios Endurance 3.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Endurance",
    "version": "3.0",
    "vendor": "Magnetism Studios",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}