CVE-2025-14979
Published: 06 January 2026
Summary
CVE-2025-14979 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in AirVPN Eddie. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 5.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces least privilege to prevent unprivileged local users from escalating to root via the insecure XPC service.
Ensures secure configuration settings for critical resources like the XPC service to correct improper permission assignments (CWE-732).
Mandates timely flaw remediation through patching, as provided in AirVPN Eddie 2.25 beta, to eliminate the privilege escalation vulnerability.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Insecure XPC service with incorrect permissions (CWE-732) directly enables local exploitation for privilege escalation to root on macOS.
NVD Description
AirVPN Eddie on macOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects Eddie: 2.24.6.
Deeper analysis
CVE-2025-14979 affects AirVPN Eddie version 2.24.6 on macOS, where an insecure XPC service enables local privilege escalation. Specifically, the vulnerability, tied to CWE-732 (Incorrect Permission Assignment for Critical Resource), allows unprivileged users to gain root access. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact with local access required.
A local attacker with low privileges can exploit the insecure XPC service to elevate to root privileges, achieving high confidentiality, integrity, and availability impacts. This grants full system compromise, such as executing arbitrary code, modifying critical files, or disrupting services.
Advisories reference a patch in Eddie Desktop Edition 2.25 beta, released via AirVPN forums. Further details appear in Fluid Attacks' advisory (blink182), the Eddie website, and the AirVPN Eddie GitHub repository.
Details
- CWE(s)