Error type:
CWE-269: Improper Privilege Management
Vulnerability vector:
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 5.4 (medium)
Description:
The vulnerability was identified in WARP, version 2025.1.861.0.
The vulnerability in Cloudflare WARP was discovered in a laboratory setting on macOS. It is a local privilege escalation that allows an attacker to escalate privileges from a normal user to root.
To exploit the vulnerability, the WARP package must have previously been removed incorrectly by the user, and the potential attacker must be able to execute code on the victim's machine with normal user privileges.
Vulnerability status: Confirmed by vendor
Date of vulnerability discovery: 14.03.2025
Additional information:
To mitigate the potential impact of the vulnerability, it is advised to:
- Move the daemon file to the /Library/PrivilegedHelperTools/ directory and remove its editing permissions.
- Alternatively, delete the plist file and run WARP manually.
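An audit for the conditions the mitigation above addresses, written as an added example rather than code from the vendor or the researcher. It assumes the plist is a launchd job definition using the standard `Program` / `ProgramArguments` keys; the advisory does not name the file paths, so the sample paths are constructed in a temporary directory.

```python
import os
import plistlib
import stat
import tempfile

def _untrusted(path, trusted_uid):
    """True if path is owned by another uid or is group/world-writable."""
    st = os.stat(path)
    return st.st_uid != trusted_uid or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_launch_daemon(plist_path, trusted_uid=0):
    """Return findings for one launchd job plist (standard keys assumed)."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    if not program:
        return ["no Program/ProgramArguments entry"]
    findings = []
    folder = os.path.dirname(program)  # only the immediate directory is checked
    if not os.path.exists(program):
        findings.append("daemon file missing: " + program)
    elif _untrusted(program, trusted_uid):
        findings.append("daemon file not locked down: " + program)
    if os.path.isdir(folder) and _untrusted(folder, trusted_uid):
        findings.append("daemon directory not locked down: " + folder)
    return findings

def demo():
    """Constructed sample (hypothetical names): a locked-down job and a leftover one."""
    root = tempfile.mkdtemp()
    safe_dir = os.path.join(root, "PrivilegedHelperTools")
    loose_dir = os.path.join(root, "Applications")
    os.mkdir(safe_dir)
    os.chmod(safe_dir, 0o755)
    os.mkdir(loose_dir)
    os.chmod(loose_dir, 0o777)
    safe_bin = os.path.join(safe_dir, "example-daemon")
    open(safe_bin, "wb").close()
    os.chmod(safe_bin, 0o555)  # editing permissions removed
    results = {}
    for name, prog in (("safe", safe_bin), ("leftover", os.path.join(loose_dir, "example-daemon"))):
        plist = os.path.join(root, name + ".plist")
        with open(plist, "wb") as fh:
            plistlib.dump({"Label": "com.example." + name, "ProgramArguments": [prog]}, fh)
        # The demo trusts the current uid; a real audit keeps the default of 0 (root).
        results[name] = audit_launch_daemon(plist, trusted_uid=os.getuid())
    return results

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit_launch_daemon` with the default `trusted_uid=0` on each job plist to be reviewed; an empty list means the referenced daemon file and its directory are root-owned and not group- or world-writable.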
Researcher: Egor Filatov (Positive Technologies)
Identifiers:
BDU:2025-08817
Vendor:
Cloudflare
Vulnerable product:
WARP
Vulnerable versions:
2025.1.861.0