HIGH🇵🇱 Wersja polska

CVE-2022-25366

CVSS 7.8v3.1pub. 2022-02-19upd. 2024-11-21

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cryptomator

    APP
    Cryptomator
    ≤ 1.6.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-32309HIGH8.7ten sam produkt

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, the Hub-based unlock ...

CVE-2026-32318HIGH7.6ten sam produkt

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to ...

CVE-2026-32317HIGH7.6ten sam produkt

Cryptomator for Android offers multi-platform transparent client-side encryption for files in the cloud. Prior...

CVE-2026-32303HIGH7.6ten sam produkt

Cryptomator encrypts data being stored on cloud infrastructure. Prior to version 1.19.1, an integrity check vu...

CVE-2023-37907HIGH7.0ten sam produkt

Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, ...