PT-2025-48950 · Aquarius · Aquarius Desktop

Simon Bertrand · Published 2025-12-03 · Updated 2025-12-03 · CVE-2025-65843

CVSS v3.1
7.7 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Aquarius Desktop version 3.0.069

Description
Aquarius Desktop for macOS follows symbolic links when it creates support archives. The application uses a JUCE directory iterator to enumerate logs in the ~/Library/Logs/Aquarius directory and writes file data without verifying whether the target is a symbolic link, so links in that directory are handled as if they were normal files. A local attacker can place specially crafted symbolic links there to potentially read or change files they should not have access to. If combined with another issue related to elevated privileges (HelperTool), even files owned by the root user could be exposed.

Recommendations
Update to a newer version that contains a fix for this vulnerability.
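
The check the description says is missing, as an added example (not Aquarius or JUCE code, and not part of the advisory): a log collector that opens each directory entry with O_NOFOLLOW and confirms on the open descriptor that it is a regular file before archiving it. It covers the read side only; the function names, the LogScan type and the sample directory built by make_sample_dir are assumptions made for illustration.

```cpp
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <string>
#include <vector>

struct LogScan { std::vector<std::string> accepted, rejected; };

// Open `name` inside dir_fd without following a symlink; returns fd or -1.
static int open_regular_nofollow(int dir_fd, const char* name) {
    int fd = openat(dir_fd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;  // ELOOP when `name` is a symbolic link
    struct stat st;         // fstat the descriptor we hold: no check-then-use race
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

// Added illustration (plain POSIX, not JUCE or Aquarius code): keep only real regular files.
LogScan scan_log_dir(const std::string& dir) {
    LogScan out;
    int dfd = open(dir.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    DIR* d = dfd < 0 ? NULL : fdopendir(dfd);
    if (!d) { if (dfd >= 0) close(dfd); return out; }
    while (struct dirent* e = readdir(d)) {
        std::string name = e->d_name;
        if (name == "." || name == "..") continue;
        int fd = open_regular_nofollow(dfd, name.c_str());
        if (fd < 0) { out.rejected.push_back(name); continue; }
        close(fd);  // a real collector would stream fd into the archive here
        out.accepted.push_back(name);
    }
    closedir(d);
    return out;
}

// Constructed sample: one real log, one subdirectory, one symlink to a file outside Logs.
std::string make_sample_dir() {
    char tmpl[] = "/tmp/logscan-XXXXXX";
    if (!mkdtemp(tmpl)) return "";
    std::string root = tmpl, logs = root + "/Logs", outside = root + "/outside.txt";
    if (mkdir(logs.c_str(), 0700) != 0 || mkdir((logs + "/sub").c_str(), 0700) != 0) return "";
    int a = open((logs + "/app.log").c_str(), O_WRONLY | O_CREAT, 0600);
    int b = open(outside.c_str(), O_WRONLY | O_CREAT, 0600);
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    return (a >= 0 && b >= 0 && symlink(outside.c_str(), (logs + "/link.log").c_str()) == 0) ? logs : "";
}
```

Opening the log directory itself with O_NOFOLLOW also refuses a log directory that has been replaced by a symbolic link.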

Exploit · Fix · LPE · Link Following

Weakness Enumeration

Related Identifiers
CVE-2025-65843

Affected Products
Aquarius Desktop