Back to search
CVE-2025-8533
Published: Aug 7, 2025
Modified: Aug 7, 2025
PUBLISHED
Description
A vulnerability was identified in the XPC services of Fantastical. The services failed to implement proper client authorization checks in its listener:shouldAcceptNewConnection method, unconditionally accepting requests from any local process. As a result, any local, unprivileged process could connect to the XPC service and access its methods. This issue has been resolved in version 4.0.16.
| Vendor | Product | Versions |
|---|---|---|
Flexibits | Fantastical | affected 0 - < 4.0.16 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2025/08/CVE-2025-8533
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now