graypixel2121 - Security Researcher - Exploit Intelligence Platform

CVE-2025-69604 NOMISEC HIGH WORKING POC

SuperDuper! < 3.12 - Unauthenticated Arbitrary Package Installation via Default Task Template

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

CVSS 7.8

View Code

CVE-2025-57489 NOMISEC HIGH WORKING POC

SuperDuper! - Privilege Escalation via SDAgent setuid Binary

Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.

CVSS 8.1

View Code

CVE-2025-61228 NOMISEC HIGH WORKING POC

Shirt Pocket SuperDuper! <3.10 - RCE

An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism

CVSS 7.8

View Code

CVE-2025-61229 NOMISEC HIGH WORKING POC

Shirt Pocket's SuperDuper! <3.10 - Privilege Escalation

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

CVSS 7.8

View Code