Description

Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2.

INFO

Published Date :

2025-08-01T18:06:23.948Z

Last Modified :

2025-08-01T18:21:50.407Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54595 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54595.

URL Resource
https://github.com/alienator88/Pearcleaner/commit/69afadfa95791cb998118ca35c227007b230b984 cve-icon cve-icon
https://github.com/alienator88/Pearcleaner/issues/278 cve-icon cve-icon
https://github.com/alienator88/Pearcleaner/releases/tag/4.5.2 cve-icon cve-icon
https://github.com/alienator88/Pearcleaner/security/advisories/GHSA-gr2j-65fh-8pvc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact