CVE-2025-0396

exelban stats XPC Service shouldAcceptNewConnection command injection

CVSS 8.5 HIGHEPSS 1.0%CWE-74 CWE-77

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.5EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

12 Jan 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

exelban · stats

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/exelban/stats/releases/tag/v2.11.22 https://vuldb.com/?ctiid.291269 https://vuldb.com/?id.291269 https://vuldb.com/?submit.473229 https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation