CVE-2025-2098 HIGH

CVE-2025-2098: Dylib Hijacking in Fast CAD Reader

Vendor Beijing Honghu Yuntu Technology
Product Fast CAD Reader
Weakness CWE-732
Published March 26, 2025
Last update October 3, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5

Key dates

02Disclosure timeline

March 26, 2025 CVE published
October 3, 2025 Record updated