CVE-2025-11921

EUVD-2025-198806
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Common Weakness Enumeration
References
https://bjango.com/mac/istatmenus/
https://cdn.istatmenus.app/files/istatmenus7/versions/iStatMenus7.10.6.zip
https://fluidattacks.com/advisories/muse