CVE-2025-61229

HIGH

Shirt Pocket's SuperDuper! <3.10 - Privilege Escalation

Title source: llm

Description

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Exploits (1)

nomisec WORKING POC

by graypixel2121 · poc

https://github.com/graypixel2121/CVE-2025-61229

View Code ZIP pw:eip

References (3)

[Not Applicable] http://shirt.com

[Product] https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html

[Release Notes] https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_security_update_v311/

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-284 CWE-276

Status published

Products (1)

shirt-pocket/superduper\! < 3.10

Published Dec 01, 2025

Tracked Since Feb 18, 2026