PT-2025-54638 · Epson · Epson Printer Controller Installer
Carlos Garrido · Published 2025-06-23 · Updated 2026-02-24 · CVE-2025-4960
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Epson printer and scanner firmware Web Installer
Epson printer driver installer
Description
The Epson Web Installer for printer and scanner firmware and the com.epson.InstallNavi.helper tool, included with the Epson printer driver installer, contain a vulnerability. It stems from a lack of authentication for a critical function and from flaws in the implementation of the com.epson.InstallNavi.helper tool. Specifically, the tool does not properly authenticate clients over the XPC protocol and incorrectly enforces macOS's authorization model. It uses overly permissive custom rights registered in the system's authorization database (/var/db/auth.db). The authorization daemon grants these rights to any local user who requests them, regardless of privilege level. This allows an attacker to perform privileged operations, such as executing arbitrary commands or installing system components, without administrative credentials.
Recommendations
Apply updates to the Epson printer and scanner firmware Web Installer.
Update the Epson printer driver installer.
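To check a host for the condition the description names (custom rights in the authorization database that any local user can obtain), the following added example, which is not Epson's or the advisory's own code, classifies right definitions in the plist form printed by `security authorizationdb read <right-name>`. The `com.example.*` right names, the sample definitions and the function names are constructed placeholders; the advisory does not list the actual right names.

```python
import plistlib

# Authorization Services rule names that require an administrator.
ADMIN_RULES = {"authenticate-admin", "is-admin"}

def classify_right(plist_bytes):
    """Classify one right definition (plist from `security authorizationdb read`)."""
    right = plistlib.loads(plist_bytes)
    cls = right.get("class")
    if cls == "allow":
        return "any-local-user"      # granted unconditionally
    if cls == "rule":
        rules = right.get("rule", [])
        if isinstance(rules, str):
            rules = [rules]
        if rules and all(r == "allow" for r in rules):
            return "any-local-user"  # delegates to the built-in allow rule
        if rules and all(r in ADMIN_RULES for r in rules):
            return "admin-only"
    if cls == "user" and right.get("group") == "admin" and not right.get("session-owner"):
        return "admin-only"
    return "review"                  # anything else needs a human look

def audit(rights):
    """Return the names of rights that any local user can obtain."""
    return sorted(n for n, p in rights.items()
                  if classify_right(p) == "any-local-user")

# Constructed sample definitions; the com.example.* right names are placeholders.
SAMPLES = {
    "com.example.helper.install": plistlib.dumps({"class": "rule", "rule": ["allow"]}),
    "com.example.helper.run": plistlib.dumps({"class": "allow"}),
    "com.example.helper.update": plistlib.dumps(
        {"class": "rule", "rule": ["authenticate-admin"]}),
    "com.example.helper.config": plistlib.dumps(
        {"class": "user", "group": "admin", "authenticate-user": True}),
    "com.example.helper.other": plistlib.dumps({"class": "user", "group": "staff"}),
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print("grantable to any local user:", name)
```

A right reported as grantable to any local user is only a problem when it gates a privileged helper operation; rights classified as `review` need manual inspection.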
Fix
LPE
Missing Authentication
Incorrect Authorization
Related Identifiers
Affected Products
Epson Printer Controller Installer