Authorization Misconfiguration in ws.stash.app.mac.daemon.helper from STASH
CVE-2024-7457
What is CVE-2024-7457?
The ws.stash.app.mac.daemon.helper tool contains a critical authorization misconfiguration that stems from improper use of the macOS authorization model. Rather than validating the client's authorization context, the helper uses its own elevated root privileges to execute operations. This flaw lets unprivileged clients perform privileged tasks through XPC, such as manipulating system-wide network settings for SOCKS, HTTP, and HTTPS proxies. In addition, inadequate code-signing verification exposes the system to exploitation, allowing malicious actors to carry out man-in-the-middle attacks via traffic redirection.
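The two missing checks described above, sketched as an added example of a hardened privileged XPC helper (not STASH's code): the listener pins the client's code-signing requirement, and each privileged method evaluates the client's own authorization reference before the helper uses its root privileges. The protocol, right name, bundle identifier and team ID are hypothetical placeholders, and the proxy change itself is left out.

```swift
import Foundation
import Security

// Hypothetical names: right, bundle identifier and team ID are placeholders.
let proxyRight = "com.example.helper.set-proxy"
let clientRequirement =
    "anchor apple generic and identifier \"com.example.client\" " +
    "and certificate leaf[subject.OU] = \"EXAMPLETEAM\""

@objc protocol ProxyHelperProtocol {
    func setSOCKSProxy(host: String, port: Int, authData: Data,
                       reply: @escaping (Bool) -> Void)
}

/// True only if the *client's* authorization reference holds `right`.
func clientHoldsRight(_ authData: Data, right: String) -> Bool {
    var ext = AuthorizationExternalForm()
    guard authData.count == MemoryLayout.size(ofValue: ext) else { return false }
    withUnsafeMutableBytes(of: &ext) { $0.copyBytes(from: authData) }
    var ref: AuthorizationRef?
    guard AuthorizationCreateFromExternalForm(&ext, &ref) == errAuthorizationSuccess,
          let auth = ref else { return false }
    defer { AuthorizationFree(auth, []) }
    return right.withCString { name in
        var item = AuthorizationItem(name: name, valueLength: 0, value: nil, flags: 0)
        return withUnsafeMutablePointer(to: &item) { itemPtr in
            var rights = AuthorizationRights(count: 1, items: itemPtr)
            return AuthorizationCopyRights(auth, &rights, nil,
                                           [.extendRights, .interactionAllowed],
                                           nil) == errAuthorizationSuccess
        }
    }
}

final class Helper: NSObject, NSXPCListenerDelegate, ProxyHelperProtocol {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection conn: NSXPCConnection) -> Bool {
        // macOS 13+: messages from peers failing this requirement are rejected.
        conn.setCodeSigningRequirement(clientRequirement)
        conn.exportedInterface = NSXPCInterface(with: ProxyHelperProtocol.self)
        conn.exportedObject = self
        conn.resume()
        return true
    }

    func setSOCKSProxy(host: String, port: Int, authData: Data,
                       reply: @escaping (Bool) -> Void) {
        // Gate on the caller's right, not on the helper's own root identity.
        guard clientHoldsRight(authData, right: proxyRight) else { return reply(false) }
        // The system proxy change would be applied here (omitted in this sketch).
        reply(true)
    }
}
```

The client obtains `authData` by calling `AuthorizationMakeExternalForm` on its own authorization reference, and the right must be registered in the authorization policy database (for example with `AuthorizationRightSet`) so that it requires administrator approval.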

Affected Version(s)
Stash MacOS 0
References
CVSS V3.1
Timeline
Vulnerability published
