CVE-2025-61229

7.8 HIGH

📋 TL;DR

A local privilege escalation vulnerability in the SuperDuper! backup software lets a local attacker who can modify task templates have the software execute an arbitrary preflight script with root privileges and Full Disk Access. This bypasses macOS privacy controls such as TCC (Transparency, Consent, and Control). It affects all users running SuperDuper! 3.10 and earlier on macOS.

💻 Affected Systems

Products:
  • SuperDuper!
Versions: 3.10 and earlier
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SuperDuper! to be installed and configured with task templates. The vulnerability exists in how the software handles preflight script execution.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise. The attacker gains root access, can install persistent malware, access all files including encrypted data, and bypass all macOS security controls.

🟠 Likely Case: A local attacker gains root privileges and Full Disk Access, enabling data theft, surveillance, and installation of backdoors.

🟢 If Mitigated: Limited impact if proper access controls prevent local users from modifying SuperDuper! configuration files.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Any local user (including malicious insiders or compromised accounts) can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to modify SuperDuper! task templates. The attack vector is straightforward once an attacker has local access to the system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.11

Vendor Advisory: https://www.shirtpocket.com/blog/index.php/shadedgrey/comments/superduper_security_update_v311/

Restart Required: No

Instructions:

1. Open SuperDuper!
2. Check for updates via the application menu
3. Download and install version 3.11
4. Verify the installation by checking the version number

🔧 Temporary Workarounds

Remove SuperDuper! task templates (applies to: all)

Delete or secure SuperDuper! task template files to prevent modification:

sudo rm -rf ~/Library/Application\ Support/SuperDuper!/Scheduled\ Copies/*.sdTask

Restrict access to SuperDuper! configuration (applies to: all)

Set strict permissions on SuperDuper! configuration directories:

sudo chmod 700 ~/Library/Application\ Support/SuperDuper!/
sudo chown root:wheel ~/Library/Application\ Support/SuperDuper!/Scheduled\ Copies/

Note that the application path contains a `!`: in an interactive bash or zsh session, history expansion will mangle it, so escape it as `\!` or disable history expansion (`set +H` in bash, `setopt NO_BANG_HIST` in zsh) before running these commands. Both workarounds are interim measures and will also interfere with the user's own scheduled copies until the patched version is installed.

🧯 If You Can't Patch

  • Uninstall SuperDuper! if not essential for operations
  • Implement strict access controls to prevent local users from modifying application files

🔍 How to Verify

Check if Vulnerable:

Check SuperDuper! version: if version is 3.10 or earlier, system is vulnerable

Check Version:

defaults read /Applications/SuperDuper!.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify SuperDuper! version is 3.11 or later
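The version check above, carried through as a small POSIX sh script (an added example, not from the advisory or the vendor). It compares version components numerically so that 3.9 sorts below 3.10 and 3.10 below 3.11, where plain string comparison would go wrong, and exits 1 when the installed build is older than the 3.11 fix. The plist path and `CFBundleShortVersionString` key are the ones the check above uses; the function names are this example's own.

```shell
#!/bin/sh
# Added example: decide whether an installed SuperDuper! is older than the
# fixed release named in the advisory. Component-wise numeric comparison so
# that 3.9 < 3.10 < 3.11 (a string compare would rank 3.9 above 3.10).
SD_FIXED_VERSION="3.11"
SD_PLIST="/Applications/SuperDuper!.app/Contents/Info.plist"

# sd_version_lt A B: return 0 (true) when version A is older than version B.
sd_version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    # leading component of each string, digits only, empty treated as 0
    ai=$(printf '%s' "${a%%.*}" | tr -cd '0-9'); ai=${ai:-0}
    bi=$(printf '%s' "${b%%.*}" | tr -cd '0-9'); bi=${bi:-0}
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
    # drop the component just compared; stop when nothing is left
    case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
  done
  return 1   # versions are equal
}

# sd_is_vulnerable VERSION: true when VERSION predates the fixed release.
sd_is_vulnerable() {
  sd_version_lt "$1" "$SD_FIXED_VERSION"
}

# sd_check_installed: read the installed version and report it.
# Exit status: 0 = patched, 1 = vulnerable, 2 = not installed or unreadable.
sd_check_installed() {
  [ -f "$SD_PLIST" ] || { echo "SuperDuper! not found at $SD_PLIST"; return 2; }
  v=$(defaults read "$SD_PLIST" CFBundleShortVersionString 2>/dev/null) || return 2
  if sd_is_vulnerable "$v"; then
    echo "SuperDuper! $v is vulnerable to CVE-2025-61229 (fixed in $SD_FIXED_VERSION)"
    return 1
  fi
  echo "SuperDuper! $v is at or above $SD_FIXED_VERSION"
  return 0
}
```

Because the path is inside a script rather than typed at an interactive prompt, the `!` in the application name needs no escaping here.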

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to SuperDuper! task template files
  • Unexpected root privilege escalation from SuperDuper! processes
  • Execution of suspicious scripts from SuperDuper! context

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

(process_name:"SuperDuper!" AND parent_process_name:"sh") OR (process_name:"sh" AND parent_process_name:"SuperDuper!")
