CVE-2024-55503

LOW

termius < 9.9.0 - Untrusted Search Path via DYLD_INSERT_LIBRARIES

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55503. PoCs published by SyFi.

AI-analyzed exploit summary This PoC demonstrates a local command injection vulnerability in Termius App for macOS via the DYLD_INSERT_LIBRARIES environment variable. The exploit allows arbitrary code execution by loading a crafted dylib into the Termius process.

Description

An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.

Exploits (1)

nomisec WORKING POC

by SyFi · poc

https://github.com/SyFi/CVE-2024-55503

View Code ZIP pw:eip

This PoC demonstrates a local command injection vulnerability in Termius App for macOS via the DYLD_INSERT_LIBRARIES environment variable. The exploit allows arbitrary code execution by loading a crafted dylib into the Termius process.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Termius App < v9.9.0

No auth needed

Prerequisites: Local access to the macOS system · Ability to set environment variables · Crafted dylib file

MITRE ATT&CK

T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory

https://github.com/SyFi/CVE-2024-55503

Scores

CVSS v3 3.3

EPSS 0.0042

EPSS Percentile 33.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-426

Status published

Products (1)

termius/termius < 9.9.0

Published Jan 15, 2025

Tracked Since Feb 18, 2026