CVE-2025-0509
Published: 04 February 2025
Description
A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
Security Summary
CVE-2025-0509 is a security vulnerability affecting versions prior to 2.6.4 of Sparkle, an open-source software update framework commonly used for macOS applications. The flaw enables an attacker to replace an existing signed update with a malicious payload, bypassing Sparkle's (Ed)DSA signing verification checks. Classified under CWE-552 (Files or Directories Accessible to External Parties), it carries a CVSS v3.1 base score of 7.3 (AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) and was published on 2025-02-04.
Exploitation requires an adjacent network position, high attack complexity, elevated privileges on the target system, and user interaction, such as a user approving a tampered update. A successful attack can have a high impact on confidentiality, integrity, and availability across the affected component's scope, potentially allowing arbitrary code execution or full system compromise through the substituted payload.
Mitigation is achieved by updating to Sparkle version 2.6.4 or later. Key resources include the fixing pull request at https://github.com/sparkle-project/Sparkle/pull/2550, Sparkle's security and reliability documentation at https://sparkle-project.org/documentation/security-and-reliability/, and the NetApp advisory NTAP-20250124-0008 at https://security.netapp.com/advisory/ntap-20250124-0008/.
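To confirm the mitigation on a host, the following added example (not code from the Sparkle project or from this advisory) inventories the Sparkle.framework copies embedded in application bundles and compares each against 2.6.4. It assumes the standard macOS framework bundle layout, that the framework's CFBundleShortVersionString carries the Sparkle release number, and /Applications as the scan root.

```python
"""Inventory embedded Sparkle.framework copies against the fixed release."""
import plistlib
import re
from pathlib import Path

FIXED = (2, 6, 4)  # first fixed release, per the advisory text above

def classify(version):
    """Map a version string to 'vulnerable', 'fixed' or 'unknown'."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)*)(.*)", version or "")
    if not m:
        return "unknown"
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # "2.6" compares as 2.6.0
    if tuple(nums) < FIXED:
        return "vulnerable"
    # A suffixed build of 2.6.4 itself (e.g. a beta) may predate the fix.
    if tuple(nums) == FIXED and m.group(2).strip():
        return "unknown"
    return "fixed"

def sparkle_version(framework):
    """Read CFBundleShortVersionString from the framework's Info.plist."""
    # Assumed layout: Versions/<X>/Resources, or a flat Resources directory.
    plists = sorted(framework.glob("Versions/*/Resources/Info.plist"))
    plists.append(framework / "Resources" / "Info.plist")
    for plist in plists:
        try:
            with plist.open("rb") as fh:
                version = plistlib.load(fh).get("CFBundleShortVersionString")
        except Exception:  # missing, unreadable or malformed plist
            continue
        if version:
            return str(version)
    return None

def audit(root):
    """Return sorted (bundle path, version, status) for each Sparkle copy."""
    rows = []
    for fw in sorted(Path(root).rglob("Sparkle.framework")):
        if fw.is_dir():
            version = sparkle_version(fw)
            rows.append((str(fw.relative_to(root)), version, classify(version)))
    return rows

if __name__ == "__main__":
    for path, version, status in audit("/Applications"):
        print(f"{status:<10} {version or '?':<12} {path}")
```

Entries reported as unknown need manual review; a vulnerable entry is resolved only when the application vendor ships a build that embeds Sparkle 2.6.4 or later.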
Details
- CWE(s)