CVE-2025-5995

CVSS

No CVSS.

C

anon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation.

References

Link	Resource
https://www.canon-europe.com/psirt/advisory-information
https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os

Configurations

No configuration.

History

30 Jun 2025, 18:39

Type	Values Removed	Values Added
Summary		(es) Canon EOS Webcam Utility Pro para MAC OS versión 2.3d (2.3.29) y anteriores contiene una vulnerabilidad de permisos de directorio incorrectos. Para explotar esta vulnerabilidad, un usuario malintencionado debe tener acceso de administrador. Un atacante podría modificar el directorio, lo que podría provocar la ejecución de código y, en última instancia, la escalada de privilegios.

26 Jun 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 20:15

Updated : 2025-06-30 18:39

NVD link : CVE-2025-5995

Mitre link : CVE-2025-5995

CVE.ORG link : CVE-2025-5995

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

{"id": "CVE-2025-5995", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-26T20:15:32.193", "references": [{"url": "https://www.canon-europe.com/psirt/advisory-information", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}, {"url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."}, {"lang": "es", "value": "Canon EOS Webcam Utility Pro para MAC OS versi\u00f3n 2.3d (2.3.29) y anteriores contiene una vulnerabilidad de permisos de directorio incorrectos. Para explotar esta vulnerabilidad, un usuario malintencionado debe tener acceso de administrador. Un atacante podr\u00eda modificar el directorio, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y, en \u00faltima instancia, la escalada de privilegios."}], "lastModified": "2025-06-30T18:39:09.973", "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}