CVE-2025-65841

6.2 MEDIUM

📋 TL;DR

Aquarius Desktop 3.0.069 for macOS stores user credentials in a local file using weak obfuscation that can be easily reversed, allowing attackers who can read the file to fully compromise the victim's account. This leads to complete account takeover, unauthorized access to cloud-synchronized data, and authenticated actions as the user. All macOS users running this specific version are affected.

💻 Affected Systems

Products:
  • Aquarius Desktop
Versions: 3.0.069
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only Aquarius Desktop 3.0.069 on macOS is affected. The vulnerability exists in the default configuration, where credentials are stored locally.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete account takeover leading to unauthorized access to all cloud-synchronized data, ability to perform authenticated actions as the victim, and potential data theft or manipulation.

🟠

Likely Case

Local attackers or malware with file read access can steal credentials and compromise the Aquarius account, accessing synchronized data and performing actions as the user.

🟢

If Mitigated

With proper file permissions and endpoint security, only privileged users or malware with elevated access could exploit this vulnerability.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local file read access. The weak obfuscation scheme is trivial to reverse according to the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check vendor websites (acustica.com, aquarius.com) for security updates. If no patch is available, consider discontinuing use until a fix is released.

🔧 Temporary Workarounds

Remove or secure settings file

macOS

Delete or restrict permissions on the vulnerable settings file to prevent credential theft

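# Option 1: delete the settings file so no obfuscated credentials remain on disk
rm ~/Library/Application\ Support/Aquarius/aquarius.settings
# Option 2 (instead of deleting): keep the file but limit access to the owning user
chmod 600 ~/Library/Application\ Support/Aquarius/aquarius.settings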

Use application sandboxing

macOS

Run Aquarius Desktop in a sandboxed environment to limit file access

🧯 If You Can't Patch

  • Discontinue use of Aquarius Desktop 3.0.069 on macOS until a patched version is available
  • Implement strict file permissions and monitor for unauthorized access to the settings file location

🔍 How to Verify

Check if Vulnerable:

Check if ~/Library/Application Support/Aquarius/aquarius.settings exists and contains obfuscated credentials. Examine the file for password-like data.

Check Version:

Check Aquarius Desktop application version in About menu or application info

Verify Fix Applied:

Verify the settings file no longer contains obfuscated credentials or has been removed/restricted. Check for updated version from vendor.
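
The file check and the chmod workaround above can be scripted. This is an added example, not code from the vendor or the original advisory; the settings path is the one given on this page, while the function names and status words are illustrative assumptions.

```shell
#!/bin/sh
# Added example: audit the settings file named in this advisory.
# The path is taken from the advisory; function names and status words are illustrative.
SETTINGS_DEFAULT="$HOME/Library/Application Support/Aquarius/aquarius.settings"

# audit_settings [path]
# Prints one status word; returns 0 when no action is needed, 1 otherwise.
#   absent      no file, so no stored credentials at this path
#   restricted  only the owner has access bits (e.g. mode 600); this blocks
#               other local accounts, not processes running as the owner
#   exposed     group or other have at least one access bit set
#   symlink     path is a symbolic link; inspect the target by hand
audit_settings() {
    target="${1:-$SETTINGS_DEFAULT}"
    if [ -L "$target" ]; then echo symlink; return 1; fi
    if [ ! -e "$target" ]; then echo absent; return 0; fi
    # ls -ld instead of stat: stat's format flags differ between macOS and Linux.
    # Characters 5-10 of the mode string are the group and other permission bits.
    bits=$(ls -ld "$target" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo restricted; return 0; fi
    echo exposed
    return 1
}

# restrict_settings [path]
# Applies the advisory's chmod 600 workaround to a regular file, then re-audits.
restrict_settings() {
    target="${1:-$SETTINGS_DEFAULT}"
    if [ ! -f "$target" ] || [ -L "$target" ]; then return 1; fi
    chmod 600 "$target" && audit_settings "$target"
}

# Usage: audit_settings            (checks the default path)
#        restrict_settings         (tightens it if present)
```

A result of "restricted" confirms only that the workaround is in place; the stored credentials remain reversible until the file is removed or a fixed version is installed.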

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to ~/Library/Application Support/Aquarius/ directory
  • Unexpected authentication from new locations

Network Indicators:

  • Unusual API calls or data synchronization patterns from user account

SIEM Query:

file_access:path="*/Library/Application Support/Aquarius/aquarius.settings" AND user!=authorized_user
