{"id":"CVE-2025-70341","details":"Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.","modified":"2026-04-10T05:37:01.290849Z","published":"2026-03-04T15:16:12.467Z","references":[{"type":"WEB","url":"https://github.com/App-Auto-Patch/App-Auto-Patch/blob/main/App-Auto-Patch-via-Dialog.zsh"},{"type":"REPORT","url":"https://github.com/App-Auto-Patch/App-Auto-Patch/issues/203"},{"type":"FIX","url":"https://github.com/App-Auto-Patch/App-Auto-Patch/pull/202"},{"type":"EVIDENCE","url":"https://github.com/malvector/CVE-2025-70341"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/app-auto-patch/app-auto-patch","events":[{"introduced":"0"},{"last_affected":"c1a5c8d5b9afb9cd4f315cf3cd62e8077c44b192"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.2"}]}}],"versions":["2.0.0","2.0.0rc1","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.11.0","2.11.1","2.11.2","2.11.3","2.11.4","2.11.5","2.11.6","2.11.7","2.11.8","2.11.9","2.8.1","2.9.0","2.9.2","2.9.3","2.9.4","2.9.5","2.9.7","3.0.0","3.0.0-beta4","3.0.1","3.0.2","3.0.3","3.0.4","3.1.0","3.1.0-beta2","3.1.1","3.1.2","Version_3.2.0","Version_3.2.1","Version_3.2.2","Version_3.3.0","Version_3.4.0","Version_3.4.1","Version_3.4.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-70341.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}