CVE-2025-20960

Name of the Vulnerable Software and Affected Versions CocktailBarService versions prior to SMR May-2025 Release 1

Description The issue is related to the improper handling of insufficient permissions in CocktailBarService, allowing local attackers to use the privileged API. This enables local attackers to exploit the vulnerability.

Recommendations For versions prior to SMR May-2025 Release 1, consider restricting access to the privileged API until a patch is available. As a temporary workaround, review and adjust the permission settings in CocktailBarService to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.