CVE-2025-65843: n/a
CVE-2025-65843 is a high-severity local vulnerability in Aquarius Desktop 3.0.069 for macOS involving insecure file handling during support data archive generation. The application follows symbolic links within its log directory without validation, allowing a local attacker to create symlinks to arbitrary files. This can lead to unauthorized disclosure or modification of files. When combined with a related privilege escalation vulnerability in the HelperTool, even root-owned files may be exposed. The vulnerability requires local access but no user interaction or elevated privileges initially. Exploitation can compromise confidentiality and integrity of sensitive data. European organizations using Aquarius Desktop on macOS should prioritize patching and restrict local access to mitigate risk.
AI Analysis
Technical Summary
CVE-2025-65843 affects Aquarius Desktop version 3.0.069 running on macOS and stems from insecure handling of symbolic links during the generation of support data archives. The application recursively enumerates log files located in the ~/Library/Logs/Aquarius directory using a JUCE directory iterator configured to follow symbolic links. However, it fails to validate whether the files it processes are actual files or symbolic links. An attacker with local access can plant symbolic links within this directory that point to arbitrary filesystem locations. When Aquarius builds the support ZIP archive, it reads and includes the contents of these linked files, potentially disclosing sensitive information or allowing unauthorized modification of files. The vulnerability is exacerbated when chained with a HelperTool privilege escalation issue, which can expose root-owned files, significantly increasing the impact. The CVSS v3.1 score is 7.7 (high), reflecting the vulnerability's ability to compromise confidentiality and integrity without requiring user interaction or elevated privileges initially. The weakness corresponds to CWE-59 (Improper Link Resolution Before File Access). No public exploits are known yet, and no patches have been linked at the time of publication. The attack surface is limited to local users with access to the affected system, but the impact can be severe if exploited.
Potential Impact
For European organizations, this vulnerability poses a significant risk to confidentiality and integrity of sensitive data stored on macOS systems running Aquarius Desktop. Unauthorized disclosure of files could lead to leakage of intellectual property, personal data, or internal logs. Modification of files could disrupt operations or facilitate further attacks. The ability to expose root-owned files when combined with privilege escalation increases the potential for full system compromise. Organizations with macOS endpoints used in development, research, or sensitive environments are particularly at risk. The local access requirement limits remote exploitation but insider threats or compromised accounts could leverage this vulnerability. Data protection regulations such as GDPR heighten the consequences of unauthorized data exposure. The lack of available patches means organizations must rely on mitigating controls until updates are released.
Mitigation Recommendations
Specific mitigations include:
1) Restrict local access to macOS systems running Aquarius Desktop to trusted users only, minimizing the risk of malicious symlink planting.
2) Monitor and audit the ~/Library/Logs/Aquarius directory for unexpected symbolic links or unusual file system changes.
3) Employ macOS filesystem integrity and monitoring tools to detect unauthorized file modifications or symlink creations.
4) Temporarily disable or restrict the support data archive generation feature if feasible until a patch is available.
5) Apply the principle of least privilege to user accounts to reduce the impact of local exploits.
6) Coordinate with the vendor to obtain patches or updates addressing this vulnerability as soon as they become available.
7) Educate users about the risks of local file manipulation and enforce endpoint security policies.
8) If possible, sandbox or containerize Aquarius Desktop to limit filesystem access scope.
These targeted actions go beyond generic advice by focusing on the specific attack vector and environment.
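The audit in mitigation 2, together with the file-type check the Technical Summary says is missing, can be sketched as follows. This is an added example, not vendor or Aquarius code; the function names are assumptions, and a constructed temporary tree stands in for ~/Library/Logs/Aquarius.

```python
import os
import stat
import tempfile

def audit_log_dir(root):
    """Walk root without following symlinks; return (regular_files, findings)."""
    root_real = os.path.realpath(root)
    regular, findings = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat inspects the link itself, not its target
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                escapes = os.path.commonpath([root_real, target]) != root_real
                findings.append((os.path.relpath(path, root), target, escapes))
            elif stat.S_ISREG(st.st_mode):
                regular.append(os.path.relpath(path, root))
    return sorted(regular), sorted(findings)

def read_if_regular(path):
    """Open without following a final-component symlink; return bytes or None."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return None  # ELOOP when path is a symlink, or the file is missing
    with os.fdopen(fd, "rb") as fh:
        if not stat.S_ISREG(os.fstat(fh.fileno()).st_mode):
            return None  # FIFOs, devices and directories are not log files
        return fh.read()

def demo():
    """Constructed sample tree standing in for ~/Library/Logs/Aquarius."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = os.path.join(tmp, "Logs", "Aquarius")
        os.makedirs(os.path.join(logs, "session"))
        outside = os.path.join(tmp, "outside.txt")
        for p, data in ((outside, b"not a log"), (os.path.join(logs, "app.log"), b"ok")):
            with open(p, "wb") as fh:
                fh.write(data)
        os.symlink(outside, os.path.join(logs, "session", "planted.log"))
        os.symlink(os.path.join(logs, "app.log"), os.path.join(logs, "latest.log"))
        regular, findings = audit_log_dir(logs)
        flagged = [(rel, escapes) for rel, _target, escapes in findings]
        return (regular, flagged,
                read_if_regular(os.path.join(logs, "session", "planted.log")),
                read_if_regular(os.path.join(logs, "app.log")))

if __name__ == "__main__":
    print(demo())
```

For a real audit, call `audit_log_dir(os.path.expanduser("~/Library/Logs/Aquarius"))` and alert on any finding whose third field is `True`.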
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Switzerland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69306cb887f844e860730076
Added to database: 12/3/2025, 5:00:40 PM
Last enriched: 12/10/2025, 5:25:04 PM
Last updated: 1/19/2026, 10:07:46 AM