Local Privilege Escalation in iStats by Bjango
CVE-2025-11921
9.3 CRITICAL
What is CVE-2025-11921?
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root through command injection. The vulnerability primarily affects version 7.10.4 of iStats; an attacker who exploits it gains unauthorized control over system resources. Users are advised to update to version 7.10.6 or later to mitigate this security risk.
Affected Version(s)
iStats macOS 7.10.4
