Cyber Resilience

CVE-2025-70341

High · Public PoC · LPE

Published: 04 March 2026

Modified: 05 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (1.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70341 is a high-severity Code Injection (CWE-94) vulnerability in App-Auto-Patch. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.3th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-70341 is a vulnerability in App-Auto-Patch v3.4.2 stemming from insecure permissions that create a race condition, allowing attackers to write arbitrary files. Published on 2026-03-04, it is associated with CWE-94 (Code Injection) and CWE-732 (Incorrect Permission Assignment for Critical Resource), earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables arbitrary file writes, resulting in high impacts on confidentiality, integrity, and availability, which could facilitate privilege escalation or persistent system compromise.

Mitigation details are available in referenced GitHub resources, including the vulnerable script at https://github.com/App-Auto-Patch/App-Auto-Patch/blob/main/App-Auto-Patch-via-Dialog.zsh, issue discussion at https://github.com/App-Auto-Patch/App-Auto-Patch/issues/203, pull request https://github.com/App-Auto-Patch/App-Auto-Patch/pull/202, and a dedicated repository at https://github.com/malvector/CVE-2025-70341. Practitioners should consult these for patches and remediation steps.

Vulnerability details

Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Arbitrary file write via insecure permissions/race condition directly enables local privilege escalation as described.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-27688: Shared CWE-732
CVE-2026-8110: Shared CWE-732
CVE-2025-21292: Shared CWE-94
CVE-2026-26682: Shared CWE-94
CVE-2026-25112: Shared CWE-732
CVE-2026-22768: Shared CWE-732
CVE-2025-12985: Shared CWE-732
CVE-2026-24834: Shared CWE-732
CVE-2024-55411: Shared CWE-732
CVE-2026-41217: Shared CWE-732

Affected Assets

app-auto-patch
app-auto-patch
≤ 3.4.2

Mitigating Controls (NIST 800-53 r5) AI

Prevent: AC-6 enforces least privilege, directly preventing low-privilege local attackers from exploiting insecure permissions to achieve arbitrary file writes via the race condition.

Prevent: AC-3 enforces approved authorizations for access to system resources, comprehensively blocking unauthorized file writes enabled by the CVE's insecure permissions.

Prevent: CM-6 mandates secure configuration settings for components like App-Auto-Patch, addressing insecure file permissions that create the race condition.