Canonical Multipass vulnerabilities

CVE-2025-5199 [HIGH] CWE-276 CVE-2025-5199: In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions al In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.

CVE-2021-3626 [HIGH] CWE-73 CVE-2021-3626: The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.

CVE-2021-3747 [HIGH] CWE-732 CVE-2021-3747: The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the applicatio The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.