A path traversal vulnerability was discovered in usbmuxd, a multiplexor daemon used to coordinate USB connections from and to Apple devices (iPhone, iPad, iPod). Exploiting this vulnerability enables an unprivileged user to create and delete files named `*.plist` (and, in some cases, arbitrarily named) as the user

Source: Debian usbmuxd DSA-6125-1 Path Traversal Risk CVE-2025-66004