{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T20:34:15.304","vulnerabilities":[{"cve":{"id":"CVE-2025-21606","sourceIdentifier":"security-advisories@github.com","published":"2025-01-17T21:15:11.420","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"stats es un monitor macOS sistema para la barra de menú. La aplicación Stats es vulnerable a una escalada de privilegios locales debido a la implementación insegura de su servicio XPC. La aplicación registra un servicio Mach con el nombre `eu.exelban.Stats.SMC.Helper`. El binario asociado, eu.exelban.Stats.SMC.Helper, es una herramienta auxiliar privilegiada diseñada para ejecutar acciones que requieren privilegios elevados en nombre del cliente, como configurar los modos del ventilador, ajustar las velocidades del ventilador y ejecutar el comando `powermetrics`. La causa raíz de esta vulnerabilidad radica en el método `shouldAcceptNewConnection`, que devuelve incondicionalmente YES (o true), lo que permite que cualquier cliente XPC se conecte al servicio sin ningún tipo de verificación. Como resultado, los clientes no autorizados pueden establecer una conexión con el servicio Mach e invocar métodos expuestos por la interfaz HelperTool. Un atacante puede explotar esta vulnerabilidad para modificar la configuración de hardware del dispositivo del usuario y ejecutar código arbitrario con privilegios de superusario. Este problema se ha solucionado en la versión 2.11.21 y se recomienda a todos los usuarios que actualicen la versión. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"}]}],"references":[{"url":"https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc","source":"security-advisories@github.com"},{"url":"https://github.com/exelban/stats/security/advisories/GHSA-qwhf-px96-7f6v","source":"security-advisories@github.com"}]}}]}