CVE-2025-0396

Source
https://cve.org/CVERecord?id=CVE-2025-0396
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0396.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0396
Published
2025-01-12T12:00:15.952Z
Modified
2026-07-15T01:49:18.071158587Z
Severity
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
exelban stats XPC Service shouldAcceptNewConnection command injection
Details

A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component.

Database specific
{
    "cwe_ids": [
        "CWE-74",
        "CWE-77"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/0xxx/CVE-2025-0396.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/exelban/stats

Affected ranges

Type
GIT
Repo
https://github.com/exelban/stats
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.11.0"
        },
        {
            "last_affected": "2.11.0"
        },
        {
            "introduced": "2.11.1"
        },
        {
            "last_affected": "2.11.1"
        },
        {
            "introduced": "2.11.2"
        },
        {
            "last_affected": "2.11.2"
        },
        {
            "introduced": "2.11.3"
        },
        {
            "last_affected": "2.11.3"
        },
        {
            "introduced": "2.11.4"
        },
        {
            "last_affected": "2.11.4"
        },
        {
            "introduced": "2.11.5"
        },
        {
            "last_affected": "2.11.5"
        },
        {
            "introduced": "2.11.6"
        },
        {
            "last_affected": "2.11.6"
        },
        {
            "introduced": "2.11.7"
        },
        {
            "last_affected": "2.11.7"
        },
        {
            "introduced": "2.11.8"
        },
        {
            "last_affected": "2.11.8"
        },
        {
            "introduced": "2.11.9"
        },
        {
            "last_affected": "2.11.9"
        },
        {
            "introduced": "2.11.10"
        },
        {
            "last_affected": "2.11.10"
        },
        {
            "introduced": "2.11.11"
        },
        {
            "last_affected": "2.11.11"
        },
        {
            "introduced": "2.11.12"
        },
        {
            "last_affected": "2.11.12"
        },
        {
            "introduced": "2.11.13"
        },
        {
            "last_affected": "2.11.13"
        },
        {
            "introduced": "2.11.14"
        },
        {
            "last_affected": "2.11.14"
        },
        {
            "introduced": "2.11.15"
        },
        {
            "last_affected": "2.11.15"
        },
        {
            "introduced": "2.11.16"
        },
        {
            "last_affected": "2.11.16"
        },
        {
            "introduced": "2.11.17"
        },
        {
            "last_affected": "2.11.17"
        },
        {
            "introduced": "2.11.18"
        },
        {
            "last_affected": "2.11.18"
        },
        {
            "introduced": "2.11.19"
        },
        {
            "last_affected": "2.11.19"
        },
        {
            "introduced": "2.11.20"
        },
        {
            "last_affected": "2.11.20"
        },
        {
            "introduced": "2.11.21"
        },
        {
            "last_affected": "2.11.21"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.11.0
2.11.1
2.11.10
2.11.11
2.11.12
2.11.13
2.11.14
2.11.15
2.11.16
2.11.17
2.11.18
2.11.19
2.11.2
2.11.20
2.11.21
2.11.3
2.11.4
2.11.5
2.11.6
2.11.7
2.11.8
2.11.9
v2.*
v2.11.0
v2.11.1
v2.11.10
v2.11.11
v2.11.12
v2.11.13
v2.11.14
v2.11.15
v2.11.16
v2.11.17
v2.11.18
v2.11.19
v2.11.2
v2.11.20
v2.11.21
v2.11.3
v2.11.4
v2.11.5
v2.11.6
v2.11.7
v2.11.8
v2.11.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0396.json"