CVE-2025-55076

MEDIUM

Plugin Alliance Installation Manager <1.4.0 - Privilege Escalation

Title source: llm

Description

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

References (1)

[Exploit, Third Party Advisory] https://almightysec.com/plugin-alliance-helpertool-xpc-service-local-privilege-escalation/

Scores

CVSS v3 6.2

EPSS 0.0002

EPSS Percentile 4.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

plugin-alliance/installation_manager 1.4.0

Published Dec 03, 2025

Tracked Since Feb 18, 2026