CVE-2025-6183

The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message.

CVSS

No CVSS.

References

Link	Resource
https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2ed

Configurations

No configuration.

History

22 Aug 2025, 18:09

Type	Values Removed	Values Added
Summary		(es) El cliente StrongDM para macOS procesó incorrectamente los mensajes con formato JSON. Los atacantes podrían modificar la configuración del sistema macOS manipulando un mensaje JSON malicioso.

20 Aug 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-20 17:15

Updated : 2025-08-22 18:09

NVD link : CVE-2025-6183

Mitre link : CVE-2025-6183

CVE.ORG link : CVE-2025-6183

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2025-6183", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-20T17:15:37.623", "references": [{"url": "https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2ed", "source": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The StrongDM macOS client incorrectly processed JSON-formatted messages. Attackers could potentially modify macOS system configuration by crafting a malicious JSON message."}, {"lang": "es", "value": "El cliente StrongDM para macOS proces\u00f3 incorrectamente los mensajes con formato JSON. Los atacantes podr\u00edan modificar la configuraci\u00f3n del sistema macOS manipulando un mensaje JSON malicioso."}], "lastModified": "2025-08-22T18:09:17.710", "sourceIdentifier": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b"}