ByteOS Network

NVD Vulnerability Details :

CVE-2025-2098

Awaiting Analysis

Source-cvd@cert.pl

Published At-26 Mar, 2025 | 16:15

Updated At-03 Oct, 2025 | 09:15

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.4	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-732	Primary	cvd@cert.pl

CWE ID: CWE-732

Type: Primary

Source: cvd@cert.pl

References

Hyperlink	Source	Resource
https://apps.apple.com/pl/app/fast-cad-reader/id1484905765	cvd@cert.pl	N/A
https://cert.pl/en/posts/2025/03/CVE-2025-2098/	cvd@cert.pl	N/A

Hyperlink: https://apps.apple.com/pl/app/fast-cad-reader/id1484905765

Source: cvd@cert.pl

Resource: N/A

Hyperlink: https://cert.pl/en/posts/2025/03/CVE-2025-2098/

Source: cvd@cert.pl

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History