CVE-2025-25364

8.4

High

Published:23 Dec 2025

Last updated:17 Jun 2026

Source:cve@mitre.org

Analyzed

Weakness (CWE)

CWE-77Command Injection

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

A command injection vulnerability in the me.connectify.SMJobBlessHelper XPC service of Speedify VPN up to v15.0.0 allows attackers to execute arbitrary commands with root-level privileges.

References

cve@mitre.org

https://connectify.me

cve@mitre.org

https://speedify.com/

cve@mitre.org

https://speedify.com/blog/news/speedify-macos-vpn-application-vulnerability/