
Palo Alto Networks has disclosed a security vulnerability in its Autonomous Digital Experience Manager (ADEM) software that could allow an attacker to gain root-level access on macOS systems.
The vulnerability, tracked as CVE-2025-0139, affects versions 5.6.0 through 5.6.6 of the software and has been assigned a CVSS base score of 6.3, though the company's own rating lists it as LOW severity with MODERATE urgency.
Vulnerability Details and Technical Impact
The flaw is an incorrect privilege assignment that enables a locally authenticated user with low privileges to escalate to root on macOS endpoints.
According to the disclosure, the escalation results from the software's improper handling of user permissions, giving an attacker who has already obtained initial access to a system a path to extend that access to full control of the host.
The vulnerability requires no special configuration to be exploitable, which makes it particularly concerning for organizations running affected versions.
| CVE Details | Value |
|---|---|
| CVE ID | CVE-2025-0139 |
| CVSS Score | 6.3 (Base) / 2.4 (Threat) |
| Severity | LOW (Vendor Rating) |
| Affected Versions | 5.6.0 – 5.6.6 (macOS) |
An attacker needs local access to the system and a low-privileged user account to exploit the flaw, but no user interaction is required once the attack is initiated. Attack complexity is rated LOW, meaning exploitation depends on no conditions outside the attacker's control, such as a race window or a non-default configuration.
Palo Alto Networks has confirmed that it is not currently aware of any malicious exploitation of this vulnerability in the wild.
Exploit maturity is assessed as "UNREPORTED," meaning no public proof-of-concept code or active exploitation campaigns have been identified.
Nevertheless, the potential impact remains significant, as successful exploitation would grant an attacker full control of the affected macOS system.
The impact profile shows that while the initial confidentiality, integrity, and availability impacts are rated minimal or none, the subsequent impact on all three is rated HIGH (in CVSS 4.0 terms, the vulnerable system and the subsequent system respectively).
In practice, once escalation to root succeeds, an attacker could read sensitive data, modify system configuration, and disrupt operation of the host.
Resolution and Mitigation Strategies
Palo Alto Networks has released version 5.6.7 as the fix for this vulnerability. Organizations running Autonomous Digital Experience Manager versions 5.6.0 through 5.6.6 on macOS are strongly advised to upgrade to version 5.6.7 or later.
The company has confirmed that no workarounds or temporary mitigations are available for this issue, so the software update is the only remediation.
The vulnerability was discovered externally and reported under reference DEM-9950, with the advisory published on July 9, 2025.
Security teams should prioritize the update in their patching schedules, given the MODERATE urgency rating and the potential for full compromise of affected hosts.