module
Remote for Mac Unauthenticated RCE
| Disclosed |
|---|
| May 27, 2025 |
Disclosed
May 27, 2025
Description
This module exploits an unauthenticated remote code execution vulnerability in
Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint.
When authentication is disabled on the target system, it allows attackers to execute
arbitrary AppleScript commands, which can include shell commands via `do shell script`.
All versions up to 2025.7 (including patch versions) are vulnerable.
Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint.
When authentication is disabled on the target system, it allows attackers to execute
arbitrary AppleScript commands, which can include shell commands via `do shell script`.
All versions up to 2025.7 (including patch versions) are vulnerable.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.