Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Phoenix Code by Core.ai
CVE-2025-5255 (GCVE-0-2025-5255)
Vulnerability from cvelistv5 – Published: 2025-06-20 10:01 – Updated: 2026-01-21 11:22 X_Open Source
VLAI
Title
TCC Bypass via Dylib Injection in Phoenix Code
Summary
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2025/06/tcc-bypass/ | third-party-advisory |
| https://phcode.dev/ | product |
| https://github.com/phcode-dev/phoenix-desktop/com… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Core.ai | Phoenix Code |
Affected:
0 , ≤ 4.0.3
(semver)
|
Date Public
2025-06-20 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T13:26:23.907045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:29:49.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Phoenix Code",
"vendor": "Core.ai",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek - Afine Team"
}
],
"datePublic": "2025-06-20T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Phoenix Code\u0027s configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application\u0027s context and\u0026nbsp;bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da\u003cbr\u003e"
}
],
"value": "The Phoenix Code\u0027s configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application\u0027s context and\u00a0bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T11:22:11.225Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/06/tcc-bypass/"
},
{
"tags": [
"product"
],
"url": "https://phcode.dev/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/phcode-dev/phoenix-desktop/commit/ab5d5ffd04fbbab770c1ef6250cd0ec5323289c2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "TCC Bypass via Dylib Injection in Phoenix Code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-5255",
"datePublished": "2025-06-20T10:01:42.561Z",
"dateReserved": "2025-05-27T09:58:01.712Z",
"dateUpdated": "2026-01-21T11:22:11.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5255 (GCVE-0-2025-5255)
Vulnerability from nvd – Published: 2025-06-20 10:01 – Updated: 2026-01-21 11:22 X_Open Source
VLAI
Title
TCC Bypass via Dylib Injection in Phoenix Code
Summary
The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.
This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2025/06/tcc-bypass/ | third-party-advisory |
| https://phcode.dev/ | product |
| https://github.com/phcode-dev/phoenix-desktop/com… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Core.ai | Phoenix Code |
Affected:
0 , ≤ 4.0.3
(semver)
|
Date Public
2025-06-20 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T13:26:23.907045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:29:49.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Phoenix Code",
"vendor": "Core.ai",
"versions": [
{
"lessThanOrEqual": "4.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karol Mazurek - Afine Team"
}
],
"datePublic": "2025-06-20T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Phoenix Code\u0027s configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application\u0027s context and\u0026nbsp;bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da\u003cbr\u003e"
}
],
"value": "The Phoenix Code\u0027s configuration on macOS, specifically the presence of entitlements: \"com.apple.security.cs.allow-dyld-environment-variables\" and \"com.apple.security.cs.disable-library-validation\" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application\u0027s context and\u00a0bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.\n\nThis issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T11:22:11.225Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2025/06/tcc-bypass/"
},
{
"tags": [
"product"
],
"url": "https://phcode.dev/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/phcode-dev/phoenix-desktop/commit/ab5d5ffd04fbbab770c1ef6250cd0ec5323289c2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source"
],
"title": "TCC Bypass via Dylib Injection in Phoenix Code",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-5255",
"datePublished": "2025-06-20T10:01:42.561Z",
"dateReserved": "2025-05-27T09:58:01.712Z",
"dateUpdated": "2026-01-21T11:22:11.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}