Vulnerabilites related to exelban - stats
CVE-2025-0396 (GCVE-0-2025-0396)
Vulnerability from cvelistv5
Published
2025-01-12 12:00
Modified
2025-01-13 15:18
Severity ?
8.5 (High) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.291269 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.291269 | signature, permissions-required | |
| https://vuldb.com/?submit.473229 | third-party-advisory | |
| https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation | related | |
| https://github.com/exelban/stats/releases/tag/v2.11.22 | patch |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| exelban | stats |
Version: 2.11.0 Version: 2.11.1 Version: 2.11.2 Version: 2.11.3 Version: 2.11.4 Version: 2.11.5 Version: 2.11.6 Version: 2.11.7 Version: 2.11.8 Version: 2.11.9 Version: 2.11.10 Version: 2.11.11 Version: 2.11.12 Version: 2.11.13 Version: 2.11.14 Version: 2.11.15 Version: 2.11.16 Version: 2.11.17 Version: 2.11.18 Version: 2.11.19 Version: 2.11.20 Version: 2.11.21 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0396",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T15:17:48.258270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T15:18:12.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XPC Service"
],
"product": "stats",
"vendor": "exelban",
"versions": [
{
"status": "affected",
"version": "2.11.0"
},
{
"status": "affected",
"version": "2.11.1"
},
{
"status": "affected",
"version": "2.11.2"
},
{
"status": "affected",
"version": "2.11.3"
},
{
"status": "affected",
"version": "2.11.4"
},
{
"status": "affected",
"version": "2.11.5"
},
{
"status": "affected",
"version": "2.11.6"
},
{
"status": "affected",
"version": "2.11.7"
},
{
"status": "affected",
"version": "2.11.8"
},
{
"status": "affected",
"version": "2.11.9"
},
{
"status": "affected",
"version": "2.11.10"
},
{
"status": "affected",
"version": "2.11.11"
},
{
"status": "affected",
"version": "2.11.12"
},
{
"status": "affected",
"version": "2.11.13"
},
{
"status": "affected",
"version": "2.11.14"
},
{
"status": "affected",
"version": "2.11.15"
},
{
"status": "affected",
"version": "2.11.16"
},
{
"status": "affected",
"version": "2.11.17"
},
{
"status": "affected",
"version": "2.11.18"
},
{
"status": "affected",
"version": "2.11.19"
},
{
"status": "affected",
"version": "2.11.20"
},
{
"status": "affected",
"version": "2.11.21"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "winslow1984 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in exelban stats bis 2.11.21 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion shouldAcceptNewConnection der Komponente XPC Service. Dank der Manipulation mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Ein Aktualisieren auf die Version 2.11.22 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-12T12:00:15.952Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-291269 | exelban stats XPC Service shouldAcceptNewConnection command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.291269"
},
{
"name": "VDB-291269 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.291269"
},
{
"name": "Submit #473229 | https://github.com/exelban Stats \u003c v2.11.22 Local Privilege Escalation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.473229"
},
{
"tags": [
"related"
],
"url": "https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation"
},
{
"tags": [
"patch"
],
"url": "https://github.com/exelban/stats/releases/tag/v2.11.22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-01-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-01-11T20:22:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "exelban stats XPC Service shouldAcceptNewConnection command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-0396",
"datePublished": "2025-01-12T12:00:15.952Z",
"dateReserved": "2025-01-11T19:17:10.958Z",
"dateUpdated": "2025-01-13T15:18:12.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21606 (GCVE-0-2025-21606)
Vulnerability from cvelistv5
Published
2025-01-17 20:10
Modified
2025-02-12 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/exelban/stats/security/advisories/GHSA-qwhf-px96-7f6v | x_refsource_CONFIRM | |
| https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T21:05:39.142931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:25.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "stats",
"vendor": "exelban",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user\u2019s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T20:10:05.277Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/exelban/stats/security/advisories/GHSA-qwhf-px96-7f6v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/exelban/stats/security/advisories/GHSA-qwhf-px96-7f6v"
},
{
"name": "https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc"
}
],
"source": {
"advisory": "GHSA-qwhf-px96-7f6v",
"discovery": "UNKNOWN"
},
"title": "Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-21606",
"datePublished": "2025-01-17T20:10:05.277Z",
"dateReserved": "2024-12-29T03:00:24.712Z",
"dateUpdated": "2025-02-12T20:31:25.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}