CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-62686

A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.9%

CVSS Severity

CVSS v3 Score 6.2

References

https://almightysec.com/plugin-alliance-installationhelper-dylib-injection/

Products affected by CVE-2025-62686

Plugin-Alliance » Installation Manager » Version: 1.4.0

cpe:2.3:a:plugin-alliance:installation_manager:1.4.0
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-62686

Products

Pricing

Contact Us