Skip to main content

CVE-2025-5255: CWE-276 Incorrect Default Permissions in Core.ai Phoenix Code

Medium
VulnerabilityCVE-2025-5255cvecve-2025-5255cwe-276
Published: Fri Jun 20 2025 (06/20/2025, 10:01:42 UTC)
Source: CVE Database V5
Vendor/Project: Core.ai
Product: Phoenix Code

Description

The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da

AI-Powered Analysis

AILast updated: 06/20/2025, 10:32:31 UTC

Technical Analysis

CVE-2025-5255 is a medium-severity vulnerability affecting the Core.ai Phoenix Code product on macOS platforms. The root cause lies in incorrect default permissions related to macOS entitlements, specifically the presence of "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation". These entitlements permit the use of dynamic library (dylib) injection via environment variables such as DYLD_INSERT_LIBRARIES. A local attacker with limited privileges can exploit this to inject arbitrary code into the context of the Phoenix Code application. This injection bypasses macOS's Transparency, Consent, and Control (TCC) mechanisms, which normally regulate access to sensitive resources and user data. However, the attacker’s access is confined to resources for which the user has already granted permission; any attempt to access additional protected resources will still trigger system prompts requiring explicit user consent. The vulnerability does not require user interaction or elevated privileges beyond local unprivileged access, and no authentication is necessary. The issue was addressed in a specific code commit (0c75fb57f89d0b7d9b180026bc2624b7dcf807da). There are no known exploits in the wild at this time. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N) reflects a local attack vector with low complexity, requiring low privileges but no user interaction, and limited impact on confidentiality and integrity, with no impact on availability or scope beyond the vulnerable component. The vulnerability is classified under CWE-276 (Incorrect Default Permissions), highlighting a misconfiguration that enables unintended code injection capabilities.

Potential Impact

For European organizations using Core.ai's Phoenix Code on macOS, this vulnerability poses a risk of local privilege escalation in terms of code execution within the application context. While the attacker cannot directly escalate privileges beyond their local user account or access resources without prior user consent, the ability to inject code can facilitate further attacks such as data exfiltration, lateral movement within the user’s session, or bypassing application-level security controls. This is particularly concerning for organizations handling sensitive data or intellectual property within Phoenix Code environments. The bypass of TCC mechanisms weakens macOS’s security model, potentially undermining user trust and compliance with data protection regulations such as GDPR if unauthorized data access occurs. However, since the vulnerability requires local access and does not allow privilege escalation beyond the current user, the overall impact is moderate. The absence of known exploits reduces immediate risk, but the presence of this vulnerability in widely used development or operational environments could be leveraged by insider threats or malware that gains initial foothold on a system.

Mitigation Recommendations

1. Apply the official patch or update from Core.ai that addresses this vulnerability (commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da) as soon as it becomes available. 2. Restrict local user access to systems running Phoenix Code to trusted personnel only, minimizing the risk of local exploitation. 3. Employ macOS system hardening techniques, such as enabling System Integrity Protection (SIP) and ensuring strict TCC policies are enforced at the OS level. 4. Monitor environment variables related to DYLD_INSERT_LIBRARIES and other dylib injection vectors for unauthorized modifications using endpoint detection and response (EDR) tools. 5. Conduct regular audits of application entitlements and permissions to detect and remediate insecure configurations. 6. Implement application whitelisting and code signing enforcement to prevent unauthorized code execution within Phoenix Code’s context. 7. Educate users about the risks of granting permissions and the importance of responding cautiously to system prompts requesting access to sensitive resources. 8. For organizations with high security requirements, consider isolating Phoenix Code usage within dedicated virtual machines or containers to limit the scope of potential exploitation.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
CERT-PL
Date Reserved
2025-05-27T09:58:01.712Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 685535137ff74dad36a5ba22

Added to database: 6/20/2025, 10:16:51 AM

Last enriched: 6/20/2025, 10:32:31 AM

Last updated: 8/14/2025, 4:44:06 AM

Views: 20

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats