CVE-2025-0396
📋 TL;DR
This critical vulnerability in exelban stats allows local attackers to execute arbitrary commands through command injection in the XPC Service component. It affects users of stats versions up to 2.11.21 on macOS systems. Successful exploitation could lead to local privilege escalation.
💻 Affected Systems
- exelban stats
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges, installs persistent malware, accesses sensitive data, and compromises the entire system.
Likely Case
Local user or malware with user-level access escalates privileges to install additional payloads, modify system settings, or access protected resources.
If Mitigated
Attack limited to user-level operations if proper privilege separation and sandboxing are in place, but command injection still possible.
🎯 Exploit Status
Requires local access and knowledge of command injection techniques; no public exploit code identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.11.22
Vendor Advisory: https://github.com/exelban/stats/releases/tag/v2.11.22
Restart Required: No
Instructions:
1. Open the stats application.
2. Check for updates in the settings or about menu.
3. Download and install version 2.11.22 from GitHub releases.
4. Restart the application if prompted.
🔧 Temporary Workarounds
Disable stats XPC Service
Platform: macOS
Temporarily disable the vulnerable XPC Service component to prevent exploitation.
sudo launchctl unload /Library/LaunchDaemons/com.exelban.stats.plist
sudo rm /Library/LaunchDaemons/com.exelban.stats.plist
🧯 If You Can't Patch
- Uninstall stats completely until patching is possible
- Implement strict local access controls and monitor for suspicious process execution
🔍 How to Verify
Check if Vulnerable:
Check stats version in application settings or via 'defaults read /Applications/stats.app/Contents/Info.plist CFBundleShortVersionString'
Check Version:
defaults read /Applications/stats.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
Confirm version is 2.11.22 or higher using the same command
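As an added example (not part of this advisory or the stats project), the following POSIX shell check reads the bundle version with the defaults command shown above and compares it component by component against the fixed release 2.11.22, so that a version such as 2.11.9 is correctly treated as older than 2.11.22 (a plain string comparison would get that wrong). It assumes the /Applications/stats.app bundle path from this page and the macOS defaults tool.

```shell
#!/bin/sh
# Added example: version check for CVE-2025-0396 in exelban stats.
# Assumes the bundle path /Applications/stats.app and macOS's `defaults`.

FIXED_VERSION="2.11.22"
STATS_PLIST="/Applications/stats.app/Contents/Info.plist"

# Return 0 if version $1 is strictly older than version $2, 1 otherwise.
# Splits on dots and compares each component numerically; a trailing
# non-numeric suffix (e.g. "22-beta") is ignored, missing components count as 0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        ax="${ax%%[!0-9]*}"; bx="${bx%%[!0-9]*}"
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then return 0; fi
        if [ "$ax" -gt "$bx" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}

# Return 0 (true) if the given stats version is affected by CVE-2025-0396.
stats_is_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# Print the installed version from the app bundle; fails if stats is absent.
installed_stats_version() {
    [ -f "$STATS_PLIST" ] || return 1
    defaults read "$STATS_PLIST" CFBundleShortVersionString 2>/dev/null
}

# Entry point: exit status 2 means an affected version is installed.
check_stats() {
    v="$(installed_stats_version)" || { echo "stats not installed"; return 0; }
    if stats_is_vulnerable "$v"; then
        echo "stats $v is vulnerable (fixed in $FIXED_VERSION)"
        return 2
    fi
    echo "stats $v is not affected"
}
```

Source the file and run check_stats; an exit status of 2 indicates an affected version.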
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from stats XPC Service
- Command injection patterns in system logs
- Privilege escalation attempts
Network Indicators:
- Local inter-process communication anomalies
SIEM Query:
process.name:stats AND (process.args:*;* OR process.args:*|* OR process.args:*`*)