CVE-2025-7961: CWE-94 Improper Control of Generation of Code ('Code Injection') in Wulkano KAP
Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on macOS allows TCC Bypass. This issue affects KAP: 3.6.0.
AI Analysis
Technical Summary
CVE-2025-7961 is a medium-severity vulnerability classified under CWE-94 (Improper Control of Generation of Code, commonly known as code injection). It affects version 3.6.0 of Wulkano's KAP application on macOS. The flaw allows a local attacker with low privileges to bypass the Transparency, Consent, and Control (TCC) framework, the macOS mechanism that gates application access to sensitive user data and system resources. By exploiting this vulnerability, an attacker can inject and execute arbitrary code within the context of the KAP application, potentially escalating privileges or accessing protected resources without user consent or notification.

The CVSS 4.0 score of 6.9 reflects a medium severity: the attack vector is local (AV:L), attack complexity is low (AC:L), no attack requirements (AT:N) and no user interaction (UI:N) are needed, but low privileges are required (PR:L). The impact on the vulnerable system is high for confidentiality (VC:H), low for integrity (VI:L), and none for availability (VA:N); the impact on the confidentiality of subsequent systems is low (SC:L). There is no known exploit in the wild as of the published date. No patches or mitigation links have been provided yet, so users of version 3.6.0 remain at risk until an update is released. The vulnerability is significant because it undermines macOS's built-in privacy controls, potentially exposing sensitive user data or enabling further malicious activity on affected systems.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to those using macOS systems with the vulnerable version of KAP installed. Since KAP is a screen recording and sharing tool, it is often used in creative, educational, and corporate environments. Exploitation could lead to unauthorized access to sensitive screen content, bypassing user consent mechanisms, which may result in data leakage or privacy violations. This is particularly critical under the GDPR framework, where unauthorized data access can lead to regulatory penalties. The TCC bypass could also facilitate lateral movement or privilege escalation within corporate networks if attackers gain footholds on endpoint devices. Organizations relying on macOS endpoints for sensitive operations or communications are at risk of confidentiality breaches. The lack of known exploits in the wild reduces the immediate threat but does not eliminate the risk, especially as attackers may develop exploits once the vulnerability details are public. The medium severity suggests that while the vulnerability is serious, exploitation requires local access and some privileges, limiting remote or mass exploitation scenarios. However, insider threats or compromised low-privilege accounts could leverage this vulnerability to escalate access or exfiltrate data.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately audit and inventory all macOS devices to identify installations of Wulkano KAP version 3.6.0.
2) Temporarily disable or uninstall KAP on critical systems until a patch is released.
3) Implement strict endpoint security controls to limit local access to authorized users only, reducing the risk of local exploitation.
4) Monitor macOS system logs and TCC permission changes for suspicious activity indicative of TCC bypass attempts.
5) Employ application whitelisting and macOS security features such as System Integrity Protection (SIP) and Endpoint Detection and Response (EDR) solutions to detect anomalous code injection behaviors.
6) Educate users about the risks of running untrusted code or applications with elevated privileges.
7) Stay alert for vendor updates or patches from Wulkano and apply them promptly once available.
8) Consider network segmentation to isolate macOS devices running KAP from sensitive systems to limit potential lateral movement.
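One way to carry out the inventory step above on a macOS endpoint, as an added example rather than anything from the advisory or from the Kap project; it assumes the application is installed as Kap.app under /Applications or ~/Applications and that its Info.plist carries the standard CFBundleShortVersionString key:

```shell
#!/bin/sh
# Added example (not from the advisory): flag Kap bundles whose
# CFBundleShortVersionString matches the affected 3.6.0 release.
# Assumes the bundle name Kap.app and an Info.plist with the standard key.

AFFECTED_VERSION="3.6.0"

# Print the CFBundleShortVersionString of an Info.plist; empty if absent.
# On macOS, `defaults read` handles both XML and binary plists; elsewhere
# (or if that fails) fall back to a sed parse of the XML form.
kap_bundle_version() {
    if command -v defaults >/dev/null 2>&1; then
        defaults read "${1%.plist}" CFBundleShortVersionString 2>/dev/null && return
    fi
    tr -d '\n' < "$1" | sed -n 's/.*<key>CFBundleShortVersionString<\/key>[[:space:]]*<string>\([^<]*\)<\/string>.*/\1/p'
}

# Return 0 (true) when the given version string is the affected release.
kap_version_is_affected() {
    [ "$1" = "$AFFECTED_VERSION" ]
}

# Scan the usual application folders for Kap.app bundles and report
# each one with its version and whether it is the affected build.
kap_inventory() {
    for dir in /Applications "$HOME/Applications"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 2 -name 'Kap.app' -type d 2>/dev/null | while read -r app; do
            plist="$app/Contents/Info.plist"
            [ -f "$plist" ] || continue
            ver=$(kap_bundle_version "$plist")
            if kap_version_is_affected "$ver"; then
                echo "AFFECTED  $app  (version $ver)"
            else
                echo "ok        $app  (version ${ver:-unknown})"
            fi
        done
    done
}

kap_inventory
```

Run it per endpoint (for example through your MDM's script execution) and collect the AFFECTED lines; a bundle installed outside the two folders scanned here will not be found.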
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Fluid Attacks
- Date Reserved: 2025-07-21T16:19:29.856Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689f64b5ad5a09ad006eb477
Added to database: 8/15/2025, 4:47:49 PM
Last enriched: 8/15/2025, 5:04:48 PM
Last updated: 8/19/2025, 12:34:28 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)