CVE-2025-4960
Published: 19 February 2026
Summary
CVE-2025-4960 is a high-severity Incorrect Authorization (CWE-863) vulnerability in Pentraze (inferred from references). Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the failure to properly authenticate clients over XPC and enforce macOS authorization model by requiring strict enforcement of approved access authorizations.
Mitigates local privilege escalation by ensuring privileged operations in the Epson InstallNavi.helper are restricted to the minimum privileges necessary, preventing exposure to untrusted users.
Requires timely flaw remediation through patching the specific implementation flaws in the Epson printer driver tool as detailed in vendor advisories.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct local privilege escalation via exploitation of flawed authorization and XPC authentication in a privileged helper tool, enabling arbitrary command execution and system component installation without admin credentials.
NVD Description
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly enforce macOS’s authorization model, exposing privileged functionality to untrusted users. Although it invokes the AuthorizationCopyRights API, it does so using overly permissive custom rights that it registers in the system’s authorization database (/var/db/auth.db). These rights can be requested and granted by the authorization daemon to any local user, regardless of privilege level. As a result, an attacker can exploit the vulnerable service to perform privileged operations such as executing arbitrary commands or installing system components without requiring administrative credentials.
Deeper analysis
CVE-2025-4960 is a local privilege escalation vulnerability in the com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer on macOS. The tool contains multiple implementation flaws that prevent proper client authentication over the XPC protocol and fail to correctly enforce macOS’s authorization model. Although it invokes the AuthorizationCopyRights API, it registers overly permissive custom rights in the system’s authorization database (/var/db/auth.db), exposing privileged functionality to untrusted users.
A local attacker with low privileges (PR:L) can exploit the vulnerability: attack complexity is low (AC:L) and no user interaction is required (UI:N). The authorization daemon grants these custom rights to any local user regardless of privilege level, enabling the attacker to perform privileged operations such as executing arbitrary commands or installing system components without administrative credentials. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-863 (Incorrect Authorization).
Mitigation details are available in advisories from Pentraze at https://pentraze.com/vulnerability-reports/ and https://pentraze.com/vulnerability-reports/cve-2025-4960/. The vulnerability was published on 2026-02-19T07:17:38.137.
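An audit for the overly permissive custom rights described above, as an added example that is not code from Pentraze, Epson or NVD: it classifies a right definition, in the plist form that `security authorizationdb read <right>` prints, by whether a non-administrator can obtain it. The right names and definitions are constructed placeholders, and the membership of the `staff` and `everyone` groups is an assumption.

```python
import plistlib

# Rule names are constants from Apple's AuthorizationDB.h; dictionary keys
# are those used in authorization database entries.
ANYONE_RULES = {"allow", "authenticate-session-owner"}
ADMIN_RULES = {"authenticate-admin", "is-admin"}
# Assumption: every local account is a member of these groups.
BROAD_GROUPS = {"staff", "everyone"}

def classify_right(plist_bytes):
    """Classify the plist printed by `security authorizationdb read <right>`.

    'open' = obtainable without administrator credentials; 'review' = a
    person must evaluate it (composite rules, custom rules, mechanisms)."""
    spec = plistlib.loads(plist_bytes)
    cls = spec.get("class")
    if cls in ("allow", "deny"):
        return "open" if cls == "allow" else "deny"
    if cls == "rule":
        rules = spec.get("rule", [])
        rules = [rules] if isinstance(rules, str) else list(rules)
        if len(rules) == 1 and rules[0] in ANYONE_RULES:
            return "open"
        if len(rules) == 1 and rules[0] in ADMIN_RULES:
            return "admin"
        return "review"
    if cls == "user":
        if spec.get("session-owner") or spec.get("group") in BROAD_GROUPS:
            return "open"
        return "admin" if spec.get("group") == "admin" else "review"
    return "review"

def open_rights(rights):
    """Names of rights any local user can obtain, sorted."""
    return sorted(n for n, p in rights.items() if classify_right(p) == "open")

# Constructed samples: right names and definitions are placeholders, not
# the rights named in the advisory.
SAMPLES = {name: plistlib.dumps(spec) for name, spec in {
    "com.example.helper.run": {"class": "rule", "rule": ["allow"]},
    "com.example.helper.install": {"class": "user", "group": "staff"},
    "com.example.helper.update": {"class": "rule", "rule": ["authenticate-admin"]},
    "com.example.helper.remove": {"class": "user", "group": "admin", "allow-root": True},
    "com.example.helper.config": {"class": "rule", "rule": ["is-admin", "custom-rule"]},
}.items()}

if __name__ == "__main__":
    for name, plist in SAMPLES.items():
        print(f"{classify_right(plist):7} {name}")
```

A right that comes back `open` and gates a privileged helper operation is the pattern this CVE describes; `review` results need the referenced rules or mechanisms read by hand.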
Details
- CWE(s)