CVE-2025-25364

High

Published: 23 December 2025

Published

23 December 2025

Modified

06 January 2026

KEV Added

—

Patch

—

CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.5th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25364 is a high-severity Command Injection (CWE-77) vulnerability in Connectify Speedify. Its CVSS base score is 8.4 (High).

Operationally, ranked at the 27.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-77
OWASP Top 10 Web 2025: A05:2025

Affected Products

connectify

speedify

≤ 15.0.0

EU & UK References

🇪🇺 ENISA EUVD: EUVD-2025-204839

References

https://connectify.me
Product · cve@mitre.org
https://speedify.com/
Product · cve@mitre.org
https://speedify.com/blog/news/speedify-macos-vpn-application-vulnerability/
Vendor Advisory · cve@mitre.org