PT-2025-26297 · Unknown · The Phoenix Code
Karol Mazurek
·
Published
2025-06-20
·
Updated
2026-01-21
·
CVE-2025-5255
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
The Phoenix Code versions prior to the version with commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da
Description:
The issue is related to the configuration of The Phoenix Code on macOS, specifically the presence of certain entitlements. These entitlements allow for Dynamic Library (Dylib) injection, enabling a local attacker with unprivileged access to inject code into an application's context and bypass Transparency, Consent, and Control (TCC). The attacker can use environment variables like
DYLD INSERT LIBRARIES to inject code. The acquired resource access is limited to previously granted permissions by the user, and access to other resources requires user interaction with a system prompt.Recommendations:
For versions prior to the version with commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da, update to a version that includes the fix from commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da to resolve the issue. As a temporary workaround, consider restricting the use of environment variables like
DYLD INSERT LIBRARIES to minimize the risk of exploitation.Fix
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Phoenix Code