CVE Alert: CVE-2025-10672 – whuan132 – AIBattery

Risk verdict

High risk due to a public exploit that allows unauthenticated local access to a privileged function; exploitation could lead to full device compromise if unmitigated.

Why this matters

Missing authentication enables manipulation of sensitive power-control features via a local vector, raising potential for privilege escalation and persistence. For organisations, this threatens endpoint integrity, device availability, and potential abuse of hardware controls without needing remote access.

Most likely attack path

Attacker must have local access to the host and can trigger an unauthenticated XPC interaction in BatteryXPCService.swift. With PR:L and local vector, initial access is needed, followed by privilege elevation to control power-related functionality. Lateral spread is unlikely; impact concentrates on the compromised device’s hardware controls and stability.

Who is most exposed

Endpoints running AIBattery on devices where the component is embedded in consumer or enterprise software, typically laptops or workstations with standard user accounts and local access pathways.

Detection ideas

• Unusual or unauthenticated calls to BatteryXPCService XPC interface
• Access attempts to com.collweb.AIBatteryHelper or related processes
• Attempts to modify SMC or power-control settings from non-admin contexts
• Anomalous authentication bypass patterns or privilege escalations
• PoC usage traces in device logs or security alerts

Mitigation and prioritisation

• Apply the vendor patch/update to the affected build as soon as available.
• If patching is delayed, apply compensating controls: restrict XPC access, enforce authentication checks, and harden the BatteryXPCService surface.
• Disable or sandbox AIBatteryHelper where feasible; monitor for local-access abuse.
• Enforce least-privilege for users and services interacting with battery/power controls.
• Incorporate change-management reviews for any updates to this component; test in a staged environment.