CVE Alert: CVE-2025-10906 – Magnetism Studios – Endurance
CVE-2025-10906
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used.
AI Summary Analysis
Risk verdict
High risk: publicly documented PoC enables local privilege escalation with no user interaction, and the vulnerability scores indicate a severe impact even when exploitation is local.
Why this matters
Compromise can bypass authentication and grant high confidentiality, integrity, and availability impact on the host. In environments with Mac endpoints, a local attacker could gain persistent access or exfiltrate sensitive data, potentially enabling broader footholds across a fleet if lateral movement is feasible.
Most likely attack path
Exploitation requires local access and does not need user interaction. An attacker leverages the NSXPC interface to load a malicious module via loadModuleNamed:WithReply, taking advantage of missing authentication to escalate privileges and access protected resources. With local access prerequisites and high impact, the attack is improbable remotely but potent for hosts an attacker can reach.
Who is most exposed
Mac endpoint deployments with NSXPC-based components and locally accessible helpers are most at risk, particularly in teams that rely on design/creative workflows on macOS and operate with standard user accounts or insufficient sandboxing.
Detection ideas
- Look for attempts to load or inject modules via the NSXPC interface, especially calls to loadModuleNamed:WithReply.
- Monitor for unexpected or unsigned modules appearing under the Endurance/NSXPC helper paths.
- Detect new or anomalous processes spawned from the Endurance helper with elevated privileges.
- Correlate PoC indicators or exploit chatter in security logs and crash dumps tied to the NSXPC component.
Mitigation and prioritisation
- Apply the vendor patch to the affected release range as soon as available; if a newer build exists, upgrade promptly.
- Enforce least-privilege local access, tighten SSO/credential hygiene, and consider sandboxing or disabling the NSXPC interface where feasible.
- Implement application whitelisting, code signing verification, and enhanced EDR rules targeting NSXPC activity and the Endurance helper path.
- Perform rapid patching cycles and document change management; verify remediation in a controlled test group before broad rollout.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
