Login Sign Up

CVE-2025-10672

7.8 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in whuan132 AIBattery up to version 1.0.9 allows local attackers to bypass authentication in the AIBatteryHelper component. Attackers can manipulate the BatteryXPCService without proper authentication, potentially gaining unauthorized access to battery management functions. Users of AIBattery versions 1.0.9 and earlier on macOS systems are affected.

💻 Affected Systems

Products:
  • whuan132 AIBattery
Versions: up to 1.0.9
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability affects the com.collweb.AIBatteryHelper component specifically in the BatteryXPCService.swift file. All installations up to version 1.0.9 are vulnerable by default.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers could gain unauthorized control over battery charging functions, potentially causing battery damage, system instability, or using the vulnerability as a privilege escalation vector to execute arbitrary code.

🟠

Likely Case

Local users without proper privileges could modify battery charging settings, potentially reducing battery lifespan or causing unexpected system behavior.

🟢

If Mitigated

With proper access controls and authentication mechanisms, the vulnerability would be prevented from being exploited, maintaining normal battery management functionality.

🌐 Internet-Facing: LOW - The vulnerability requires local access and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - Local attackers on the same system can exploit this vulnerability without authentication, making it a significant risk for multi-user systems or shared devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available on GitHub, making exploitation straightforward for attackers with local access to vulnerable systems.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

1. Check for updates to AIBattery through the application's update mechanism or official website. 2. If no patch is available, consider uninstalling the application until a fix is released. 3. Monitor the vendor's website or GitHub repository for security updates.

🔧 Temporary Workarounds

Uninstall AIBattery

macOS

Remove the vulnerable application completely to eliminate the attack surface

sudo rm -rf /Applications/AIBattery.app
sudo rm -rf ~/Library/Application\ Support/AIBattery
sudo rm -rf ~/Library/Preferences/com.collweb.AIBattery.plist

Disable AIBatteryHelper Service

macOS

Prevent the vulnerable XPC service from running

sudo launchctl unload /Library/LaunchDaemons/com.collweb.AIBatteryHelper.plist
sudo rm /Library/LaunchDaemons/com.collweb.AIBatteryHelper.plist

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to systems running AIBattery
  • Monitor system logs for unauthorized access attempts to AIBatteryHelper services

🔍 How to Verify

Check if Vulnerable:

Check AIBattery version in application settings or run: defaults read /Applications/AIBattery.app/Contents/Info.plist CFBundleShortVersionString

Check Version:

defaults read /Applications/AIBattery.app/Contents/Info.plist CFBundleShortVersionString 2>/dev/null || echo 'AIBattery not installed'

Verify Fix Applied:

Verify AIBattery is no longer installed or version is above 1.0.9. Check that com.collweb.AIBatteryHelper service is not running with: launchctl list | grep AIBatteryHelper

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to com.collweb.AIBatteryHelper service in system logs
  • Unexpected process creation related to AIBatteryHelper

Network Indicators:

  • Local XPC communication attempts to AIBatteryHelper service

SIEM Query:

process_name:"AIBatteryHelper" AND (event_type:"process_start" OR event_type:"service_access")

📊 Metadata

CVE ID: CVE-2025-10672
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
EPSS Score: 0.02% exploit probability (4.5th percentile)
Published: September 18, 2025
Last Updated: September 19, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10672, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)