CVE-2025-66004

MEDIUM

usbmuxd <3ded00c9985a5108cfc7591a309f9a23d57a8cba - Path Traversal

Title source: llm

Description

A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.

References (2)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/12/msg00027.html

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66004

Scores

CVSS v3 5.7

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-35

Status published

Products (1)

libimobiledevice/usbmuxd < 3ded00c9985a5108cfc7591a309f9a23d57a8cba

Published Dec 10, 2025

Tracked Since Feb 18, 2026