CVE-2025-57443

Name of the Vulnerable Software and Affected Versions FrostWire version 6.14.0-build-326

Description The software has permissive entitlements, specifically allow-dyld-environment-variables and disable-library-validation. These entitlements permit unprivileged local attackers to inject code into the FrostWire process using the DYLD INSERT LIBRARIES environment variable. This code injection can lead to escalated privileges within TCC-approved directories. The DYLD INSERT LIBRARIES environment variable is used to load shared libraries into a process, potentially overriding existing functionality or introducing malicious code. TCC (Transparency, Consent, and Control) is a macOS security framework that manages user permissions for accessing resources.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.