fkie_nvd - fkie_cve-2025-5995

FKIE_CVE-2025-5995

Vulnerability from fkie_nvd - Published: 2025-06-26 20:15 - Updated: 2025-06-30 18:39

Severity ?

4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Summary

Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation.

References

	URL	Tags
	4586e0a2-224d-4f8a-9cb4-8882b208c0b3	https://www.canon-europe.com/psirt/advisory-information
	4586e0a2-224d-4f8a-9cb4-8882b208c0b3	https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."
    },
    {
      "lang": "es",
      "value": "Canon EOS Webcam Utility Pro para MAC OS versi\u00f3n 2.3d (2.3.29) y anteriores contiene una vulnerabilidad de permisos de directorio incorrectos. Para explotar esta vulnerabilidad, un usuario malintencionado debe tener acceso de administrador. Un atacante podr\u00eda modificar el directorio, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo y, en \u00faltima instancia, la escalada de privilegios."
    }
  ],
  "id": "CVE-2025-5995",
  "lastModified": "2025-06-30T18:39:09.973",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-26T20:15:32.193",
  "references": [
    {
      "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
      "url": "https://www.canon-europe.com/psirt/advisory-information"
    },
    {
      "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
      "url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os"
    }
  ],
  "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
      "type": "Secondary"
    }
  ]
}

CVE-2025-5995 (GCVE-0-2025-5995)

Vulnerability from cvelistv5 – Published: 2025-06-26 19:13 – Updated: 2025-06-26 19:33

Summary

Severity ?

4.6 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

Canon_EMEA

References

URL

Tags

	https://www.usa.canon.com/about-us/to-our-custome…	vendor-advisorymitigation
	https://www.canon-europe.com/psirt/advisory-information	vendor-advisory

Impacted products

	Vendor	Product	Version
	Canon USA Inc.	Canon EOS Webcam Utility Pro	Affected: 0 , ≤ 2.3d (2.3.29) (including) (custom)

Credits

Isaac Ordonez

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5995",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-26T19:30:42.502275Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-26T19:33:44.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "Canon EOS Webcam Utility Pro",
          "vendor": "Canon USA Inc.",
          "versions": [
            {
              "lessThanOrEqual": "2.3d (2.3.29) (including)",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Isaac Ordonez"
        }
      ],
      "datePublic": "2025-06-26T19:12:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."
            }
          ],
          "value": "Canon EOS Webcam Utility Pro for MAC OS version 2.3d\n(2.3.29) and earlier contains an improper directory permissions vulnerability.\nExploitation of this vulnerability requires administrator access by a malicious\nuser. An attacker could modify the directory, potentially resulting in code\nexecution and ultimately leading to privilege escalation."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Not applicable"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-26T19:13:48.305Z",
        "orgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
        "shortName": "Canon_EMEA"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "mitigation"
          ],
          "url": "https://www.usa.canon.com/about-us/to-our-customers/vulnerability-mitigation-remediation-for-canon-eos-webcam-utility-pro-for-mac-os"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.canon-europe.com/psirt/advisory-information"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_cemea",
        "x_cusa"
      ],
      "title": "Canon EOS Webcam Utility Pro for MAC OS contains an insecure permission issue potentially leading to code execution and privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
    "assignerShortName": "Canon_EMEA",
    "cveId": "CVE-2025-5995",
    "datePublished": "2025-06-26T19:13:48.305Z",
    "dateReserved": "2025-06-11T12:01:21.085Z",
    "dateUpdated": "2025-06-26T19:33:44.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-5995

CVE-2025-5995 (GCVE-0-2025-5995)

Tags

Sightings

Nomenclature