CVE-2025-10015 | Sparkle up to 2.7.1 XPC Service Downloader.xpc authorization

September 16, 2025 Yanac

A vulnerability identified as problematic has been detected in Sparkle up to 2.7.1. This affects an unknown part of the file Downloader.xpc of the component XPC Service. This manipulation causes incorrect authorization.

This vulnerability appears as CVE-2025-10015. The attack requires local access. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More