CVE-2025-70342

MEDIUM

erase-install <v40.4 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-70342. PoCs published by malvector.

AI-analyzed exploit summary The repository contains a functional proof-of-concept exploit for CVE-2025-70342, which intercepts admin credentials via a named pipe (FIFO) in erase-install by exploiting a hardcoded, world-writable output path.

Description

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe.

Exploits (1)

nomisec WORKING POC
by malvector · poc
https://github.com/malvector/CVE-2025-70342

The repository contains a functional proof-of-concept exploit for CVE-2025-70342, which intercepts admin credentials via a named pipe (FIFO) in erase-install by exploiting a hardcoded, world-writable output path.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: erase-install <= v40.4
No auth needed
Prerequisites: Apple Silicon Mac · local unprivileged user account
devstral-2 · analyzed May 04, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.6
EPSS 0.0024
EPSS Percentile 15.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-732
Status published
Products (1)
grahampugh/erase-install < 41.0
Published Mar 04, 2026
Tracked Since Mar 04, 2026