Vulnerability Database

315,362

Total vulnerabilities in the database

CVE-2025-11921

iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4.

Published: Nov 24, 2025
Updated: Nov 25, 2025
CVE: CVE-2025-11921
Exploit:

No technical information available.

CWEs:

CWE-77
CWE-732

OWASP TOP 10:

A1 - Injection

Affected Software
References

No affected software listed.

https://bjango.com/mac/istatmenus/
https://cdn.istatmenus.app/files/istatmenus7/versions/iStatMenus7.10.6.zip
https://fluidattacks.com/advisories/muse

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo