{"id":"OESA-2026-1556","summary":"usbmuxd security update","details":"usbmuxd is a socket daemon to multiplex connections from and to iOS devices.It allows multiple services on the device to be accessed simultaneously.\r\n\r\nSecurity Fix(es):\n\nA Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.(CVE-2025-66004)","modified":"2026-03-15T06:18:46.544403Z","published":"2026-03-15T05:53:12Z","upstream":["CVE-2025-66004"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1556"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66004"}],"affected":[{"package":{"name":"usbmuxd","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/usbmuxd&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-17.oe2003sp4"}]}],"ecosystem_specific":{"src":["usbmuxd-1.1.0-17.oe2003sp4.src.rpm"],"aarch64":["usbmuxd-1.1.0-17.oe2003sp4.aarch64.rpm","usbmuxd-debuginfo-1.1.0-17.oe2003sp4.aarch64.rpm","usbmuxd-debugsource-1.1.0-17.oe2003sp4.aarch64.rpm","usbmuxd-help-1.1.0-17.oe2003sp4.aarch64.rpm"],"x86_64":["usbmuxd-1.1.0-17.oe2003sp4.x86_64.rpm","usbmuxd-debuginfo-1.1.0-17.oe2003sp4.x86_64.rpm","usbmuxd-debugsource-1.1.0-17.oe2003sp4.x86_64.rpm","usbmuxd-help-1.1.0-17.oe2003sp4.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-1556.json"}}],"schema_version":"1.7.5"}