PT-2025-3867 · Unknown · Exelban Stats
Winslow1984 · Published 2025-01-12 · Updated 2025-01-16 · CVE-2025-0396
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Exelban Stats versions up to 2.11.21
Description
A critical issue has been found in the shouldAcceptNewConnection function of the XPC Service component, leading to command injection. This issue can be exploited locally.
Recommendations
For versions up to 2.11.21, upgrade to version 2.11.22 to address this issue. As a temporary workaround, consider disabling the shouldAcceptNewConnection function until a patch is available.
Fix
Special Elements Injection
Command Injection
Related Identifiers
Affected Products
Exelban Stats