Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025

CVE-2025-55076

Description

A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.

Affected products

Plugin Alliance/Installation Managerinferred
Range: <=1.4.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

almightysec.com/plugin-alliance-helpertool-xpc-service-local-privilege-escalation/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000