CVE-2025-65843 – Aquarius Desktop 3.0.069 for macOS contains an ... (How to Fix)

📋 TL;DR

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability where the application follows symbolic links when creating support data archives. This allows local attackers to read or modify arbitrary files on the system, potentially including root-owned files when combined with a privilege escalation issue. Only macOS users running Aquarius Desktop 3.0.069 are affected.

💻 Affected Systems

Products:

Aquarius Desktop

Versions: 3.0.069

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects macOS version. Vulnerability exists in default configuration when support data archive feature is used.

📦 What is this software?

Aquarius by Acustica Audio

View all CVEs affecting Aquarius →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise via unauthorized disclosure of sensitive files (including root-owned files when chained with privilege escalation) and potential arbitrary file modification leading to system instability or persistence.

🟠

Likely Case

Local attacker gains unauthorized access to user files, configuration files, or sensitive application data stored in accessible locations.

🟢

If Mitigated

Limited impact to non-sensitive files in user-accessible directories if proper file permissions are configured.

🌐 Internet-Facing: LOW - This is a local file system vulnerability requiring local access to the target system.

🏢 Internal Only: HIGH - Any local user on a macOS system running the vulnerable software can exploit this to access files belonging to other users or the system.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local access to create symbolic links in ~/Library/Logs/Aquarius directory. Technical details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check vendor website for security updates
2. If patch available, download and install updated version
3. Verify symlink following behavior is fixed

🔧 Temporary Workarounds

Remove write permissions from logs directory

all

Prevents attackers from creating symbolic links in the vulnerable directory

chmod -R a-w ~/Library/Logs/Aquarius

Monitor and restrict symlink creation

all

Use file integrity monitoring to detect symlink creation in vulnerable directory

🧯 If You Can't Patch

Uninstall Aquarius Desktop 3.0.069 until patch is available
Implement strict file permissions and monitor ~/Library/Logs/Aquarius directory for symlink creation

🔍 How to Verify

Check if Vulnerable:

Check if Aquarius Desktop version is 3.0.069 on macOS. Test by creating a symlink in ~/Library/Logs/Aquarius and checking if it's followed during support archive generation.

Check Version:

Check application About menu or package metadata

Verify Fix Applied:

After update, test that symlinks in ~/Library/Logs/Aquarius are no longer followed during support archive generation.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns from Aquarius process
Access to files outside expected log directories

Network Indicators:

None - this is a local file system vulnerability

SIEM Query:

Process:aquarius AND (FileAccess:~/Library/Logs/Aquarius/* OR FileAccess:unexpected_paths)

📊 Metadata

CVE ID: CVE-2025-65843

CVSS v3 Score: 7.7 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-59

EPSS Score: 0.03% exploit probability (9.7th percentile)

Published: December 3, 2025

Last Updated: December 18, 2025

🔗 References

https://almightysec.com/insecure-file-handling-via-symlink/ Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65843, you might also want to check these: