CVE-2025-14979

HIGH

AirVPN Eddie <2.24.6 - Privilege Escalation

Title source: llm

Description

AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.

References (4)

[Various Sources] https://eddie.website/

[Various Sources] https://fluidattacks.com/advisories/blink182

[Various Sources] https://github.com/AirVPN/Eddie

[Various Sources] https://airvpn.org/forums/topic/79305-eddie-desktop-edition-225-beta-released/

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 3.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (2)

airvpn/eddie 2.24.6

AirVPN/Eddie 2.24.6

Published Jan 06, 2026

Tracked Since Feb 18, 2026