CVE-2024-7457 HIGH

CVE-2024-7457: macOS Stash network-management utility: Unauthorized Manipulation of System Network Preferences

Vendor Stash
Product Stash
Weakness CWE-863 · Incorrect authorization
Published June 10, 2025
Last update June 11, 2025
View on NVD All CVEs

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root), effectively authorizing itself rather than the client. As a result, it grants the system.preferences.admin right internally, regardless of the requesting client's privileges. This flawed logic allows unprivileged clients to invoke privileged operations via XPC, including unauthorized changes to system-wide network preferences such as SOCKS, HTTP, and HTTPS proxy settings. The absence of proper code-signing checks further enables arbitrary processes to exploit this flaw, leading to man-in-the-middle (MITM) attacks through traffic redirection.

Key dates

02Disclosure timeline

June 10, 2025 CVE published
June 11, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-27936 Discourse discloses restricted post-action counts to non-privileged users CVE-2024-47616 Pomerium's service account access token may grant unintended access to databroker API CVE-2026-34506 OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration CVE-2024-10306 Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests CVE-2026-27153 Discourse doesn't prevent moderators from exporting user Chat DMs