CVE-2025-14979
📋 TL;DR
AirVPN Eddie on macOS contains an insecure XPC service that allows local, unprivileged users to escalate privileges to root. This affects Eddie version 2.24.6 on macOS systems. Attackers with local access can gain full system control.
💻 Affected Systems
- AirVPN Eddie
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains full root privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement.
Likely Case
Malicious local user or malware escalates privileges to install backdoors, steal credentials, or disable security controls.
If Mitigated
With proper access controls and monitoring, impact is limited to isolated systems, with quick detection and remediation.
🎯 Exploit Status
Exploit details published in advisory. Requires local user access but trivial to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for updated version
Vendor Advisory: https://eddie.website/
Restart Required: Yes
Instructions:
1. Check Eddie website for security updates.
2. Download and install latest version.
3. Restart system.
4. Verify Eddie service is updated.
🔧 Temporary Workarounds
Disable Eddie XPC Service
macOS: Temporarily disable vulnerable XPC service until patch applied
sudo launchctl unload /Library/LaunchDaemons/com.eddie.client.service.plist
sudo rm /Library/LaunchDaemons/com.eddie.client.service.plist
Remove Eddie
macOS: Uninstall vulnerable Eddie version completely
sudo /Applications/Eddie.app/Contents/Resources/uninstall.sh
sudo rm -rf /Applications/Eddie.app
🧯 If You Can't Patch
- Restrict local user access to affected systems
- Implement strict privilege separation and monitor for privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Eddie version: Open Eddie → About. If version is 2.24.6, system is vulnerable.
Check Version:
defaults read /Applications/Eddie.app/Contents/Info.plist CFBundleShortVersionString
Verify Fix Applied:
Verify Eddie version is updated beyond 2.24.6 and XPC service permissions are properly restricted.
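The checks above as a single triage script, added here as an example (not vendor or advisory code). It compares the installed version numerically against 2.24.6, since a plain string comparison would rank 2.24.10 below 2.24.6, and reports whether the LaunchDaemon plist named in the workaround is still on disk. The labels `affected`, `newer`, `older` and `unparsed` are this example's own; `older` and `unparsed` results need checking against the vendor advisory.

```shell
#!/bin/sh
# Added example: triage helper built only from values given on this page.
AFFECTED="2.24.6"                                                      # version from the TL;DR
APP_PLIST="/Applications/Eddie.app/Contents/Info.plist"                # path from the page
DAEMON_PLIST="/Library/LaunchDaemons/com.eddie.client.service.plist"   # path from the page

# Compare two dotted numeric versions field by field; prints -1, 0 or 1.
ver_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}            # missing fields count as 0
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# Map a version string to one of this example's labels.
classify_version() {
    case $1 in
        ''|*[!0-9.]*) echo "unparsed"; return ;;   # suffixes such as -beta
    esac
    case $(ver_cmp "$1" "$AFFECTED") in
        0)  echo "affected" ;;
        1)  echo "newer" ;;
        -1) echo "older" ;;
    esac
}

# Read the installed version (macOS only) and check for the service plist.
eddie_report() {
    if v=$(defaults read "$APP_PLIST" CFBundleShortVersionString 2>/dev/null); then
        echo "Eddie $v: $(classify_version "$v")"
    else
        echo "Eddie: not installed or version unreadable"
    fi
    if [ -e "$DAEMON_PLIST" ]; then
        echo "LaunchDaemon plist present: $DAEMON_PLIST"
    else
        echo "LaunchDaemon plist absent"
    fi
}

if [ "${1:-}" = "--report" ]; then eddie_report; fi
```

Run it with `--report` on the Mac being checked; without the argument it only defines the functions.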
📡 Detection & Monitoring
Log Indicators:
- Unauthorized privilege escalation attempts
- XPC service abuse logs
- Sudden root privilege acquisition by non-admin users
Network Indicators:
- None (local exploit only)
SIEM Query:
(process_name="Eddie" AND event_type="privilege_escalation") OR (parent_process="launchd" AND child_process="sh")