VYPR

Frostwire

by FrostWire

Source repositories

CVEs (2)

  • CVE-2025-57443MedOct 2, 2025
    risk 0.33cvss 5.1epss 0.00

    FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows…

  • CVE-2018-1000828Dec 20, 2018
    risk 0.00cvss epss 0.01

    FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Man in…