CVE-2025-10016 | Sparkle up to 2.7.1 Installer XPC Service authorization

A vulnerability marked as problematic has been reported in Sparkle up to 2.7.1. This issue affects some unknown processing of the component Installer XPC Service. Performing manipulation results in incorrect authorization.

This vulnerability is known as CVE-2025-10016. Attacking locally is a requirement. No exploit is available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More