Speedify VPN Vulnerability on macOS Exposes Users to System Takeover

A major security flaw in the Speedify VPN application for macOS, tracked as CVE-2025-25364, has exposed millions of users to the risk of complete system compromise.

Researchers at SecureLayer7 discovered the vulnerability in Speedify’s privileged helper tool. It could potentially allow local attackers to execute arbitrary commands as root and take total control of affected systems.

CVE-2025-25364: A Critical Command Injection Vulnerability

The root of the problem lies within the me.connectify.SMJobBlessHelper XPC service—a helper tool that runs with elevated (root) privileges to perform system-level network operations for Speedify.

This service, installed as a privileged daemon via /Library/PrivilegedHelperTools/me.connectify.SMJobBlessHelper, is configured to receive and process commands from the main Speedify app via Apple’s XPC messaging system.