CVE-2025-4960 is a local privilege escalation vulnerability affecting the EPSON Printer Controller Installer on macOS systems. The vulnerability is rooted in the com.epson.InstallNavi.helper tool, which is part of the EPSON printer driver installation package. This helper tool communicates over the XPC protocol but fails to properly authenticate clients, allowing any local user to interact with it. Furthermore, the tool incorrectly implements macOS’s authorization model by registering overly permissive custom rights in the system authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of their privilege level. The tool invokes the AuthorizationCopyRights API but does so with these weakly defined rights, effectively bypassing intended security controls. As a result, an attacker with local access can exploit this vulnerability to execute arbitrary commands with elevated privileges or install system components without needing administrative credentials. The vulnerability has a CVSS 3.1 base score of 7.8, indicating high severity due to its impact on confidentiality, integrity, and availability, combined with low attack complexity and no requirement for user interaction. While no public exploits are currently known, the flaw presents a significant risk for privilege escalation on affected macOS systems running EPSON printer drivers. Organizations should monitor for updates from EPSON and consider restricting local access or employing endpoint protection measures to mitigate risk until patches are available.

The impact of CVE-2025-4960 on European organizations is considerable, especially for those using EPSON printers on macOS endpoints. Successful exploitation allows an attacker with local access to escalate privileges to root or administrative levels, enabling full system compromise. This can lead to unauthorized access to sensitive data, installation of persistent malware, disruption of printing services, and potential lateral movement within corporate networks. Confidentiality is at high risk as attackers can access protected information; integrity is compromised through unauthorized system modifications; and availability may be affected if critical system components are altered or disabled. Given the prevalence of EPSON printers in office environments and the increasing adoption of macOS in European enterprises, this vulnerability could facilitate targeted attacks or insider threats. The lack of required user interaction and low complexity of exploitation increase the likelihood of successful attacks. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and government, face heightened risks due to potential data breaches and regulatory non-compliance.

To mitigate CVE-2025-4960, European organizations should take the following specific actions: 1) Immediately check for and apply any patches or updates released by EPSON addressing this vulnerability. 2) If patches are not yet available, restrict local user access on macOS systems that have EPSON printer drivers installed, limiting the number of users with local login privileges. 3) Employ endpoint detection and response (EDR) solutions to monitor for unusual process executions or privilege escalations related to the com.epson.InstallNavi.helper tool. 4) Audit and harden the macOS authorization database (/var/db/auth.db) to detect and remove overly permissive custom rights registered by the EPSON installer. 5) Consider temporarily uninstalling or disabling the EPSON Printer Controller Installer on critical systems where feasible until a patch is applied. 6) Educate IT staff and users about the risks of local privilege escalation and enforce strict access controls on shared or multi-user macOS devices. 7) Monitor system logs for suspicious XPC communications or unauthorized use of the AuthorizationCopyRights API. These targeted measures go beyond generic advice by focusing on the specific mechanisms exploited by this vulnerability and the affected components.