Platform
macos
Component
com.alienator88.pearcleaner.pearcleanerhelper
Fixed version
4.4.1
CVE-2025-54595 describes a critical vulnerability within the PearcleanerHelper, a privileged helper tool bundled with the Pearcleaner macOS application. This flaw allows an unauthenticated local process to execute arbitrary shell commands with root privileges, potentially leading to complete system compromise. The vulnerability affects versions 4.4.0 through 4.5.1 and has been resolved in version 4.5.2.
The PearcleanerHelper, designed to perform privileged cleaning operations on macOS, registers an XPC service accessible to any local process without authentication. This service exposes a method that directly executes shell commands. An attacker who can interact with the local system can leverage this vulnerability to gain root access, install malware, modify system files, or exfiltrate sensitive data. Given the helper's root privileges, the blast radius of a successful exploitation is the entire macOS system. This vulnerability shares similarities with other XPC service vulnerabilities where improper access controls lead to privilege escalation.
CVE-2025-54595 was publicly disclosed on August 1, 2025. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for updates on exploitation attempts.
Users of Pearcleaner running versions 4.4.0 through 4.5.1 on macOS are at significant risk. This includes individuals who have granted PearcleanerHelper root privileges and those who share their systems with untrusted users or processes. Shared hosting environments utilizing Pearcleaner are also vulnerable.
• macos: Use lsof to identify processes connected to the com.alienator88.Pearcleaner.PearcleanerHelper XPC service.
lsof -i | grep PearcleanerHelper
• macos: Check LaunchAgents and LaunchDaemons for suspicious entries related to PearcleanerHelper.
ls -l /Library/LaunchDaemons | grep PearcleanerHelper
• macos: Monitor system logs (Console.app) for any errors or unusual activity originating from the PearcleanerHelper process.
• macos: Use ps to identify running PearcleanerHelper processes and their parent processes. Investigate any unexpected parent processes.
ps aux | grep PearcleanerHelper
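The checks above can be combined with a version test to decide whether a given Mac is exposed. The script below is an added example, not part of the original advisory or of the Pearcleaner project; it assumes the app is installed at /Applications/Pearcleaner.app (override with APP_PLIST) and uses the affected range 4.4.0 through 4.5.1 stated in the text above.

```sh
#!/bin/sh
# Added example: local triage for CVE-2025-54595 exposure.
# Assumption: default install path below; it is not stated in the advisory.
APP_PLIST=${APP_PLIST:-/Applications/Pearcleaner.app/Contents/Info.plist}
DAEMON_DIR=${DAEMON_DIR:-/Library/LaunchDaemons}

# Convert MAJOR.MINOR.PATCH to one integer; reject anything but digits and dots.
ver_to_int() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# Exit 0 if the version is within 4.4.0 through 4.5.1, 1 if outside,
# 2 if the version string cannot be parsed.
is_affected() {
    v=$(ver_to_int "$1") || return 2
    [ "$v" -ge 4004000 ] && [ "$v" -le 4005001 ]
}

# Exit 0 if a PearcleanerHelper launchd plist exists in the directory.
# Case-insensitive, because the identifier appears in both spellings.
helper_registered() {
    ls "${1:-$DAEMON_DIR}" 2>/dev/null | grep -qi 'pearcleanerhelper'
}

# Print one verdict word. $1 = app version, $2 = LaunchDaemons directory.
classify() {
    rc=0
    is_affected "$1" || rc=$?
    case $rc in
        2) echo "unknown-version" ;;
        1) echo "not-affected" ;;
        0) if helper_registered "$2"; then
               echo "vulnerable-helper-registered"
           else
               echo "affected-version-helper-not-registered"
           fi ;;
    esac
}

# Inspect the local machine only when the app and PlistBuddy are present (macOS).
if [ -f "$APP_PLIST" ] && [ -x /usr/libexec/PlistBuddy ]; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$APP_PLIST")
    echo "Pearcleaner $ver: $(classify "$ver" "$DAEMON_DIR")"
fi
```

A verdict of vulnerable-helper-registered means the root helper is still loaded by launchd on an affected version, which is the case to upgrade first.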
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54595 is to immediately upgrade Pearcleaner to version 4.5.2 or later. If upgrading is not immediately feasible, consider isolating PearcleanerHelper processes to prevent unauthorized access. While a direct workaround is not available, restricting network access to the XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) could limit the attack surface. Monitor system logs for suspicious process activity related to PearcleanerHelper and implement strict access controls on the system to limit the potential impact of a successful exploit.
Upgrade Pearcleaner to version 4.5.2 or later. This version fixes the vulnerability that allows arbitrary command execution with root privileges. Download the latest version from the developer's official page or from the App Store.
CVE-2025-54595 is a HIGH severity vulnerability in PearcleanerHelper versions 4.4.0–4.5.1 for macOS, allowing unauthenticated local processes to execute arbitrary shell commands with root privileges.
If you are using PearcleanerHelper versions 4.4.0 through 4.5.1 on macOS, you are potentially affected by this vulnerability. Upgrade to version 4.5.2 or later to mitigate the risk.
The recommended fix is to upgrade Pearcleaner to version 4.5.2 or later. If upgrading is not immediately possible, consider isolating the PearcleanerHelper process and restricting access to its XPC service.
As of August 1, 2025, there are no known public exploits or active campaigns targeting CVE-2025-54595, but continuous monitoring is advised.
Refer to the official Pearcleaner website or security advisories for the latest information and updates regarding CVE-2025-54595.