CVE-2025-65841: n/a
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through a predictable byte substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account, either by importing the stolen configuration into their own client or by logging in through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.
AI Analysis
Technical Summary
CVE-2025-65841 identifies a vulnerability in Aquarius Desktop version 3.0.069 for macOS where user authentication credentials are stored insecurely in the local file ~/Library/Application Support/Aquarius/aquarius.settings. Instead of using the platform credential store or real encryption, the application applies a fixed, predictable byte substitution to the password. Because the transformation depends on nothing secret (no key, no per-user salt, no nonce), anyone who can read the file can reverse it, and anyone who can write a known password into their own copy of the client can learn the mapping directly. No elevated privileges or user interaction are needed beyond read access to the file, which every process running as the victim user (or as root) already has. Once the attacker obtains the password, they can import the stolen configuration into their own client or log in via the vendor's website, resulting in complete account takeover. This compromises confidentiality by exposing the credential and integrity by allowing unauthorized actions as the user; availability is affected only indirectly, for example if the attacker changes the account password. The record maps the issue to CWE-284 (Improper Access Control); the underlying weakness is better described as insufficiently protected credentials stored on disk. Although no patches or known exploits are listed at the time of the record, the risk remains significant because exploitation is trivial and the impact on cloud-synchronized data and authenticated operations is complete. The cited CVSS score of 6.2 (medium) reflects the local-access precondition; note that the record lists no CVSS version, so the score should be treated as indicative. Organizations relying on Aquarius Desktop for macOS should prioritize addressing this vulnerability to prevent unauthorized access and data compromise.
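The following is an added illustration of the class of weakness described above, not code from Aquarius or the vendor: the actual aquarius.settings format and substitution table are not published here, so the table below is a hypothetical one. It models a keyless per-byte substitution, shows a cheap heuristic for recognising such a scheme from the outside, and shows how the mapping is recovered from known plaintext (an attacker sets a password they chose in their own client and reads back their own settings file) and then used to decode a victim's blob.

```python
"""Why a fixed byte-substitution "encryption" of a stored password is reversible.

Added example, not Aquarius code. SUBST is an assumed table standing in for
whatever a vendor might hard-code in a binary; the point is that it is the same
for every user and every install, so it can be learned once and inverted.
"""

def _build_table(seed: int = 0x5A) -> bytes:
    """Deterministic permutation of 0..255 (assumed scheme, illustration only)."""
    table = list(range(256))
    for i in range(255, 0, -1):
        seed = (seed * 1103515245 + 12345) & 0x7FFFFFFF
        j = seed % (i + 1)
        table[i], table[j] = table[j], table[i]
    return bytes(table)

SUBST = _build_table()

def obfuscate(password: str) -> bytes:
    """Model of the weak scheme: one table lookup per byte, no key, no nonce."""
    return bytes(SUBST[b] for b in password.encode("utf-8"))

# --- Recognising the scheme from the outside -------------------------------

def looks_like_substitution(transform) -> bool:
    """Heuristic a reviewer can apply to any black-box 'encrypt' function:
    output length equals input length, equal input bytes give equal output
    bytes, and the same input always gives the same output. A real cipher
    with a nonce or IV fails the last check; a stream or block cipher fails
    the second."""
    probe = "aaaa" + "b"
    out = transform(probe)
    if len(out) != len(probe.encode("utf-8")):
        return False
    if len(set(out[:4])) != 1 or out[4] == out[0]:
        return False
    return transform(probe) == out

# --- Attacker side -----------------------------------------------------------

def recover_table(pairs) -> dict:
    """Learn the inverse mapping {obfuscated_byte: plaintext_byte} from
    (plaintext, blob) pairs the attacker produced with a known password.
    Raises if the observations contradict a simple substitution."""
    inverse = {}
    for plain, blob in pairs:
        for p, o in zip(plain.encode("utf-8"), blob):
            if inverse.get(o, p) != p:
                raise ValueError("inconsistent mapping: not a per-byte substitution")
            inverse[o] = p
    return inverse

def deobfuscate(blob: bytes, inverse: dict) -> str:
    """Invert a victim's blob; bytes whose mapping was never observed become '?'."""
    return bytes(inverse.get(b, 0x3F) for b in blob).decode("utf-8", "replace")

# A chosen plaintext covering printable ASCII learns every mapping that
# matters for typical passwords in a single observation.
PROBE = "".join(chr(c) for c in range(0x20, 0x7F))

if __name__ == "__main__":
    inverse = recover_table([(PROBE, obfuscate(PROBE))])
    victim_blob = obfuscate("Correct-Horse-7!")  # constructed victim file content
    print(looks_like_substitution(obfuscate), deobfuscate(victim_blob, inverse))
```

The recovery step needs no reverse engineering of the application at all: one known password and its stored form are enough, and the inverse table then decodes every other user's file. This is why "stronger obfuscation" with an app-held key is not a fix; the key would simply be the next thing recovered from the binary. The credential belongs in the macOS Keychain, where the OS, not the application, controls access.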
Potential Impact
For European organizations, this vulnerability poses a tangible risk to the security of user accounts and cloud-synchronized data managed via Aquarius Desktop on macOS. Any attacker who obtains read access to the victim's home directory, whether through malware running as the user, an insider, or physical access to an unlocked or unencrypted machine, can extract the plaintext password and fully compromise the account. This can lead to unauthorized data access, manipulation, and potential disruption of business operations relying on the cloud services linked to Aquarius accounts. The impact is particularly critical for organizations handling sensitive or regulated data, such as financial institutions, healthcare providers, and government agencies. Because recovered passwords are frequently reused, compromised accounts could also be leveraged for lateral movement within corporate networks or to launch further attacks. The vulnerability undermines trust in the security of the Aquarius platform and may result in reputational damage and regulatory consequences under GDPR if personal data is exposed. Given the medium severity and local access requirement, the threat is more pronounced in environments where endpoint security is weak or where macOS devices are shared or insufficiently protected.
Mitigation Recommendations
To mitigate this vulnerability, organizations should implement the following specific measures:
1) Verify that the ~/Library/Application Support/Aquarius directory and the aquarius.settings file are readable only by the owning user. macOS creates ~/Library as owner-only by default, so the check is for drift (group/other bits, foreign ownership, symlinks). Note that this does not protect against code already running as the user; it only limits exposure to other local accounts.
2) Employ endpoint security solutions that detect and alert on unexpected processes reading sensitive application files.
3) Enforce FileVault full disk encryption on macOS devices. This protects the file against offline and physical access only; a logged-in session still exposes it.
4) Monitor for unusual login patterns or account activity, in particular logins to the Aquarius service from new devices or locations that may indicate credential compromise.
5) Until a fix is available, treat the Aquarius password as exposed on any device where the file may have been read: rotate it and ensure it is not reused for other services.
6) Work with the vendor to obtain an update that stops storing the password in a reversible form. On macOS the correct store is the Keychain (Keychain Services), where access is mediated by the operating system; an AES layer whose key lives in the application is only a stronger obfuscation, since the key can be recovered from the binary.
7) Educate users about the risks of local file exposure and the importance of securing their devices.
8) Enable multi-factor authentication on the vendor website where it is offered, so that a stolen password alone is not sufficient to log in.
9) Regularly audit and review access controls and endpoint security policies to ensure compliance and effectiveness.
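An added helper for the permission check in the list above; it is not vendor code. The directory path is the one named in the advisory, the expected owner is the current user, and the "safe" modes (0700 for directories, 0600 for files) are this example's assumption. It flags group/other access, foreign ownership and symlinks, and can tighten what it finds; it runs on any POSIX system, not only macOS.

```python
"""Audit and tighten the permissions of a per-user application settings tree.

Added example, not Aquarius or vendor code. Assumes the directory named in
the advisory and that files there should be owner-only (0600/0700).
"""
import os
import stat
from pathlib import Path
from typing import List, Optional

SETTINGS_DIR = Path.home() / "Library" / "Application Support" / "Aquarius"

def audit(root: Path, expected_uid: Optional[int] = None) -> List[str]:
    """Return human-readable findings for root and everything under it.
    An empty list means nothing needs attention."""
    uid = os.getuid() if expected_uid is None else expected_uid
    if not root.exists():
        return [f"{root}: does not exist (app not installed or never run)"]
    findings = []
    for p in [root, *root.rglob("*")]:
        st = p.lstat()  # lstat so a symlink is reported, not followed
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{p}: is a symlink -> {os.readlink(p)}")
            continue
        if st.st_uid != uid:
            findings.append(f"{p}: owned by uid {st.st_uid}, expected {uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(
                f"{p}: mode {stat.filemode(st.st_mode)} grants group/other access")
    return findings

def harden(root: Path) -> int:
    """Remove group/other bits: directories become 0700, files 0600 (owner
    execute is dropped on files too). Symlinks are left alone. Returns the
    number of entries changed."""
    changed = 0
    for p in [root, *root.rglob("*")]:
        st = p.lstat()
        if stat.S_ISLNK(st.st_mode):
            continue
        if stat.S_ISDIR(st.st_mode):
            wanted = stat.S_IRWXU
        else:
            wanted = stat.S_IRUSR | stat.S_IWUSR
        if stat.S_IMODE(st.st_mode) != wanted:
            p.chmod(wanted)
            changed += 1
    return changed

if __name__ == "__main__":
    for line in audit(SETTINGS_DIR):
        print(line)
```

Run it as the user whose profile is being checked; a finding on group/other bits means another local account could read the obfuscated password and reverse it. Ownership by a different uid usually means the tree was restored or copied by an administrator and is worth a closer look before tightening.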
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69306fa987f844e86079960a
Added to database: 12/3/2025, 5:13:13 PM
Last enriched: 12/10/2025, 6:27:35 PM
Last updated: 1/19/2026, 10:08:18 AM