Unrated severityNVD Advisory· Published Dec 17, 2025· Updated Dec 18, 2025

CVE-2024-46062

Description

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitrary commands, leading to code execution as the root user.

Affected products

Miniconda3/Miniconda3llm-create
Range: <23.11.0-1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

m8sec.dev/blog/privilege-escalation-macos-pkg-installers/mitre
www.anaconda.com/docs/getting-started/miniconda/release/23.xmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000