CVE-2025-70341
Published: 04 March 2026
Summary
CVE-2025-70341 is a high-severity Code Injection (CWE-94) vulnerability in App-Auto-Patch. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 1.3 percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2025-70341 is a vulnerability in App-Auto-Patch v3.4.2 stemming from insecure permissions that create a race condition, allowing attackers to write arbitrary files. Published on 2026-03-04, it is associated with CWE-94 (Code Injection) and CWE-732 (Incorrect Permission Assignment for Critical Resource), earning a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables arbitrary file writes, resulting in high impacts on confidentiality, integrity, and availability, which could facilitate privilege escalation or persistent system compromise.
Mitigation details are available in referenced GitHub resources, including the vulnerable script at https://github.com/App-Auto-Patch/App-Auto-Patch/blob/main/App-Auto-Patch-via-Dialog.zsh, issue discussion at https://github.com/App-Auto-Patch/App-Auto-Patch/issues/203, pull request https://github.com/App-Auto-Patch/App-Auto-Patch/pull/202, and a dedicated repository at https://github.com/malvector/CVE-2025-70341. Practitioners should consult these for patches and remediation steps.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208271
Vulnerability details
Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Arbitrary file write via insecure permissions/race condition directly enables local privilege escalation as described.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
AC-6 enforces least privilege, directly preventing low-privilege local attackers from exploiting insecure permissions to achieve arbitrary file writes via the race condition.
AC-3 enforces approved authorizations for access to system resources, comprehensively blocking unauthorized file writes enabled by the CVE's insecure permissions.
CM-6 mandates secure configuration settings for components like App-Auto-Patch, addressing insecure file permissions that create the race condition.