ADV-2025-027 - Local Privilege Escalation in Netwrix Endpoint Policy Manager MacOS Cloud Client

Executive Summary

During an internal security review, a local privilege escalation vulnerability was identified in Netwrix Endpoint Policy Manager MacOS Cloud Client’s SUDO policy feature, which may allow an attacker to execute arbitrary commands as root.

While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Endpoint Policy Manager MacOS Cloud Client customers who have applied SUDO policies to endpoints are advised to apply the available solution immediately.

Vulnerability

| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
| --- | --- | --- | --- | --- | --- |
| Improper Privilege Management - Local Privilege Escalation | Netwrix Endpoint Policy Manager MacOS Cloud Client | >=1.0.0.0 <25.10.183 | 7.3 | 7.8 / 6.8 | Netwrix Endpoint Policy Manager MacOS Cloud Client’s SUDO policy feature does not correctly manage the privilege elevation process used by the feature. Under specific policy conditions this may allow an attacker with local, low-privileged access to an endpoint, who is able to defeat a race condition, to execute arbitrary commands as root. |

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

| Title | Publicly known? | Exploit available? | Actively exploited? |
| --- | --- | --- | --- |
| Improper Privilege Management - Local Privilege Escalation | No | No | No |

Solution

All Netwrix Endpoint Policy Manager MacOS Cloud Client customers who have applied SUDO policies to endpoints are advised to apply the available update immediately. This update is essential to remediating risk from the described vulnerabilities.

The update to the MacOS installer is available in the Netwrix Endpoint Policy Manager Portal in the Computer Details section under “Download Netwrix Endpoint Policy Manager Cloud Client for MacOS Installer.”

Following the upgrade, customers must replace all SUDO policies with equivalent SUDOERs policies to fully remediate the vulnerability.

Instructions on the SUDOERs policy type are available here.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.

| Title | Version |
| --- | --- |
| Authorization Bypass - Client-Side Security Controls | 25.10.183 |

FAQ

  1. How do I determine which version of Netwrix Endpoint Policy Manager MacOS Cloud Client is in use?

    The version is available by clicking on the Netwrix Endpoint Policy Manager MacOS Cloud Client status bar icon.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

| Revision | Date | Description |
| --- | --- | --- |
| 1 | 2025-10-28T12:00:00Z | First published |

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.