CVE-2025-61229

HIGH

Shirt Pocket's SuperDuper! <3.10 - Privilege Escalation

Title source: llm

Description

An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls.

Exploits (1)

nomisec WORKING POC

by graypixel2121 · poc

https://github.com/graypixel2121/CVE-2025-61229

View Code ZIP pw:eip

References (3)

[Not Applicable] http://shirt.com

[Product] https://shirt-pocket.com/SuperDuper/SuperDuperDescription.html

[Release Notes] https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_security_update_v311/

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284 CWE-276

Status published

Affected Products (1)

shirt-pocket/superduper\! < 3.10

Timeline

Published Dec 01, 2025

Tracked Since Feb 18, 2026