CVE-2025-14979

Published: Jan 6, 2026

Modified: Mar 3, 2026

PUBLISHED

Description

AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.

Vendor	Product	Versions
AirVPN	Eddie	affected `2.24.6`

Weaknesses (CWE)

CWE-732

References

https://fluidattacks.com/advisories/blink182

third-party-advisory

https://eddie.website/

product

https://github.com/AirVPN/Eddie

product

https://airvpn.org/forums/topic/79305-eddie-desktop-edition-225-beta-released/

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-14979

Description

Affected Products

Weaknesses (CWE)

References