Privilege Escalation Vulnerability in Pearcleaner by Alienator88
CVE-2025-54595

7.3HIGH

Key Information:

Vendor

Alienator88

Status
Pearcleaner
Vendor
CVE Published:
1 August 2025

What is CVE-2025-54595?

A vulnerability within the Pearcleaner application permits local unprivileged users to escalate their privileges to root level after the PearcleanerHelper has been approved and activated. This occurs due to the helper's XPC service, which accepts unauthenticated connections, allowing arbitrary shell command execution by local processes. The issue has been addressed in version 4.5.2, emphasizing the importance of updating to enhance system security.

Affected Version(s)

Pearcleaner >= 4.4.0, < 4.5.2

References

https://github.com/alienator88/Pearcleaner/security/advis...
x_refsource_CONFIRM
https://github.com/alienator88/Pearcleaner/issues/278
x_refsource_MISC
https://github.com/alienator88/Pearcleaner/commit/69afadf...
x_refsource_MISC

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.