CVE-2025-43515 | THREATINT

Description

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-13 | Updated 2025-11-14 | Assigner apple

Problem types

An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code

Product status

Any version before 4.11

affected

References

seclists.org/fulldisclosure/2025/Nov/17

support.apple.com/en-us/125693

cve.org (CVE-2025-43515)

nvd.nist.gov (CVE-2025-43515)

Download JSON