Error type:
CWE-269: Improper Privilege Management
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 7.0 (high)
Description:
The vulnerability was identified in Microsoft OneDrive for macOS, version 25.020.0202.
It is a local privilege escalation: an attacker can escalate privileges from a normal user to root.
To exploit the vulnerability, a potential attacker must be able to execute code on the victim's machine with normal user privileges.
Vulnerability status: Confirmed by vendor
Date of vulnerability discovery: 28.03.2025
Additional information:
Microsoft has decided not to release a fix for this issue to the public right away because it did not meet the criteria for an immediate security update. However, they have committed to including a fix for this issue in future versions of the product.
Microsoft has shared the report with the team responsible for maintaining the product or service.
The responsible team will take appropriate action as needed to help keep customers protected.
To mitigate the potential impact of the vulnerability, it is advised to:
- move the daemon file to the /Library/PrivilegedHelperTools/ directory and remove write permissions on it;
- alternatively, delete the plist file and run Microsoft OneDrive manually.
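The mitigation above boils down to one condition a defender can verify: the program a LaunchDaemon plist runs as root must not be editable or replaceable by a normal user. The following audit script is an added example for this advisory, not code from Microsoft or the researchers; since the page does not name the OneDrive plist or daemon file, it uses constructed placeholder files in a temp directory and a constructed plist label.

```python
import os, plistlib, stat, tempfile

# Location the advisory recommends for the root-run helper.
PRIVILEGED_DIR = "/Library/PrivilegedHelperTools"

def audit_helper_binary(path, expected_uid=0):
    """Findings for a binary launchd runs as root: anything that lets a
    normal user replace or edit it is a path from that user to root."""
    findings = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing: " + path]  # a dangling plist is also a finding
    if st.st_uid != expected_uid:
        findings.append("not owned by uid %d: %s" % (expected_uid, path))
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable: " + path)
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: " + path)
    parent = os.path.dirname(os.path.realpath(path))
    if os.stat(parent).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable parent dir: " + parent)
    if not os.path.realpath(path).startswith(PRIVILEGED_DIR + "/"):
        findings.append("outside %s: %s" % (PRIVILEGED_DIR, path))
    return findings

def audit_launch_daemon(plist_path, expected_uid=0):
    """Resolve the program a LaunchDaemon plist starts, then audit it."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    if program is None:
        return ["no Program/ProgramArguments in " + plist_path]
    return audit_helper_binary(program, expected_uid)

def constructed_fixture(mode):
    """Constructed demo data (not OneDrive's files): helper + plist in a temp dir."""
    d = tempfile.mkdtemp()
    helper = os.path.join(d, "constructed_helper")
    open(helper, "w").close()
    os.chmod(helper, mode)
    plist = os.path.join(d, "com.example.constructed.plist")
    with open(plist, "wb") as fh:
        plistlib.dump({"Label": "com.example.constructed", "ProgramArguments": [helper]}, fh)
    return plist, helper

def demo(mode):
    """Audit the fixture; our own uid stands in for root since we created it."""
    plist, helper = constructed_fixture(mode)
    return audit_launch_daemon(plist, expected_uid=os.getuid()), helper
```

On a real host, point `audit_launch_daemon` at a plist under /Library/LaunchDaemons with the default `expected_uid=0`; `demo(0o777)` shows the writable-helper case the advisory describes, and `demo(0o755)` leaves only the location finding.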
Researcher: Egor Filatov (Positive Technologies)
Identifiers:
BDU:2025-08829
Vendor:
Microsoft Corporation
Vulnerable product:
OneDrive
Vulnerable versions:
25.020.0202