What is CVE-2025-34089?

CVE-2025-34089 is a vulnerability in Aexol Studio Remote For Mac, classified under Missing Authentication for Critical Function. Published 2025-07-03.

Is CVE-2025-34089 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Aexol Studio Remote For Mac

CVE-2025-34089

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disab…

Vulnerability class: Broken Authentication

EPSS: 0.661 (98.5th percentile) — read the EPSS interpretation.

Affected products

Aexol Studio Remote For Mac — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/o… (exploit)
www.rapid7.com/db/modules/exploit/osx/http/remote_for_mac_rce/ (third-party-advisory)
apps.apple.com/us/app/remote-for-mac/id1086962925 (product)
packetstorm.news/files/id/195347 (exploit)
vulncheck.com/advisories/remote-for-mac-rce (third-party-advisory)

Frequently asked questions

What is CVE-2025-34089?: CVE-2025-34089 is a vulnerability in Aexol Studio Remote For Mac, classified under Missing Authentication for Critical Function. Published 2025-07-03.
Is CVE-2025-34089 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.