Cyber Resilience

CVE-2024-55968

High

Published: 28 January 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1048 (93.4th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55968 is a high-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 6.6% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2024-55968 affects DTEX DEC-M (DTEX Forwarder) version 6.1.1 on macOS. The com.dtexsystems.helper service, which handles privileged operations inside the DTEX Event Forwarder agent, performs no validation of connecting clients during XPC interprocess communication. It does not check code signing requirements, entitlements, security flags, or client version before accepting connections to the DTConnectionHelperProtocol interface.

An attacker with local access and the ability to launch an XPC client can therefore invoke the submitQuery method without authorization. Successful exploitation grants the caller root privileges by abusing the helper's privileged operations.
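The missing check described above, in corrected form, as an added example (not DTEX's code and not taken from the referenced repositories): an XPC listener that pins every connecting client to a code signing requirement before exporting the privileged interface. The submitQuery signature, the service and bundle identifiers, and the team ID are assumptions, and the example covers the code requirement check only.

```objective-c
// Added illustration, not DTEX code. Hypothetical names: HelperService,
// HelperListenerDelegate, com.example.helper, com.example.agent, TEAMID0000.
#import <Foundation/Foundation.h>

// Protocol and method names come from the advisory; the signature is assumed.
@protocol DTConnectionHelperProtocol
- (void)submitQuery:(NSString *)query withReply:(void (^)(NSString *result))reply;
@end

@interface HelperService : NSObject <DTConnectionHelperProtocol>
@end
@implementation HelperService
- (void)submitQuery:(NSString *)query withReply:(void (^)(NSString *))reply {
    reply(@"ok"); // stand-in for the privileged operation
}
@end

// Only the vendor's own agent, signed by the vendor's team, may connect.
static NSString *const kClientRequirement =
    @"anchor apple generic and identifier \"com.example.agent\" "
    @"and certificate leaf[subject.OU] = \"TEAMID0000\"";

@interface HelperListenerDelegate : NSObject <NSXPCListenerDelegate>
@end
@implementation HelperListenerDelegate
- (BOOL)listener:(NSXPCListener *)listener
    shouldAcceptNewConnection:(NSXPCConnection *)conn {
    if (@available(macOS 13.0, *)) {
        // The system checks the peer's signature and invalidates the connection on mismatch.
        [conn setCodeSigningRequirement:kClientRequirement];
    } else {
        return NO; // fail closed where the check is unavailable
    }
    conn.exportedInterface = [NSXPCInterface interfaceWithProtocol:@protocol(DTConnectionHelperProtocol)];
    conn.exportedObject = [HelperService new];
    [conn resume];
    return YES;
}
@end

int main(void) {
    @autoreleasepool {
        HelperListenerDelegate *delegate = [HelperListenerDelegate new];
        NSXPCListener *listener = [[NSXPCListener alloc] initWithMachServiceName:@"com.example.helper"];
        listener.delegate = delegate;
        [listener resume];
        [[NSRunLoop currentRunLoop] run];
    }
}
```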

Public references consist of two GitHub repositories that document the missing validation and provide proof-of-concept code for establishing an unauthorized connection.

The EPSS score rose from a low baseline to a recorded peak of 0.1358 before settling at the current value of 0.1048, indicating measurable post-disclosure interest in the issue.

Vulnerability details

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the macOS DTEX Event Forwarder agent, fails to implement critical client validation during XPC interprocess communication (IPC). Specifically, the service does not verify the code requirements, entitlements, security flags, or version of any client attempting to establish a connection. This lack of proper logic validation allows malicious actors to exploit the service's methods via unauthorized client connections, and escalate privileges to root by abusing the DTConnectionHelperProtocol protocol's submitQuery method over an unauthorized XPC connection.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1559.003 XPC Services (tactic: Execution)
Adversaries can provide malicious content to an XPC service daemon for local code execution.

Why these techniques?

Direct local privilege escalation via unauthenticated XPC service abuse in privileged helper.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23526 · Shared CWE-267
CVE-2025-41244 · Shared CWE-267
CVE-2026-29646 · Shared CWE-267
CVE-2025-23015 · Shared CWE-267
CVE-2026-0945 · Shared CWE-267
CVE-2026-2460 · Shared CWE-267
CVE-2026-2459 · Shared CWE-267
CVE-2026-27314 · Shared CWE-267
CVE-2026-9560 · Shared CWE-267
CVE-2025-14349 · Shared CWE-267

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: AC-3 requires enforcement of approved authorizations for access to resources, directly countering the service's failure to validate XPC clients, code requirements, entitlements, or versions.

Prevent: AC-25 mandates a reference monitor mechanism to mediate all accesses verifiably, addressing the lack of comprehensive client validation in the privileged com.dtexsystems.helper service.

Prevent: AC-6 enforces least privilege for accounts and functions, limiting the impact of privilege escalation via unauthorized XPC connections to the root submitQuery method.
