Platform
macos
Component
microsoft-autoupdate
Fixed in
4.78
CVE-2025-29800 describes a privilege escalation vulnerability within Microsoft AutoUpdate (MAU) for macOS. This flaw allows an authenticated attacker to elevate their privileges locally, potentially gaining control over the system. The vulnerability impacts versions 4.0.0 through 4.78, and a patch is available in version 4.78.
Successful exploitation of CVE-2025-29800 allows an attacker who already has some level of access to a macOS system to escalate their privileges to a higher level, most likely local administrator. This grants them the ability to install software, modify system settings, access sensitive data, and potentially compromise the entire system. The impact is particularly severe because MAU is a widely used component for updating Microsoft software, increasing the potential attack surface. While the vulnerability requires authentication, the ease of privilege escalation once authentication is achieved makes it a significant risk.
CVE-2025-29800 was publicly disclosed on April 8, 2025. As of this date, no public proof-of-concept (PoC) code has been released. The EPSS score is pending evaluation, but given the nature of privilege escalation vulnerabilities and the widespread use of MAU, it is likely to be assessed as medium to high probability. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.52% (67% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-29800 is to upgrade Microsoft AutoUpdate to version 4.78 or later. If immediate upgrading is not possible due to compatibility issues or testing requirements, consider implementing stricter access controls and monitoring MAU processes for suspicious activity. While a direct workaround is unavailable, restricting user privileges and employing robust endpoint detection and response (EDR) solutions can help detect and prevent exploitation attempts. After upgrading, confirm the update by verifying the MAU version through the Microsoft Update settings in System Preferences.
Update Microsoft AutoUpdate to version 4.78 or later. The update can be performed through the Microsoft AutoUpdate application itself or by downloading the latest version from the Microsoft website. This corrects the privilege escalation vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-29800 is a privilege escalation vulnerability affecting Microsoft AutoUpdate (MAU) on macOS, allowing an authenticated attacker to gain local administrator privileges.
You are affected if you are running Microsoft AutoUpdate on macOS versions 4.0.0 through 4.78. Check your version and upgrade accordingly.
Upgrade Microsoft AutoUpdate to version 4.78 or later to resolve the vulnerability. This is the primary and recommended mitigation.
As of April 8, 2025, there are no confirmed reports of active exploitation, but the vulnerability's nature warrants caution.
Refer to the official Microsoft Security Update Guide for CVE-2025-29800: [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29800)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.