A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file…
VulDB·CWE-377·Published 2025-08-26
In Mihomo Party bis 1.8.1 auf macOS ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion enableSysProxy der Datei src/main/sys/sysproxy.ts der Komponente Socket Handler. Dank Manipulation mit unbekannten Daten kann eine creation of temporary file with insecure permissions-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit ist öffentlich verfügbar und könnte genutzt werden.
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.
Se detectó una vulnerabilidad en Mihomo Party hasta la versión 1.8.1 en macOS. La función enableSysProxy del archivo src/main/sys/sysproxy.ts del componente Socket Handler se ve afectada. La manipulación da como resultado la creación de un archivo temporal con permisos inseguros. El ataque requiere un enfoque local. Es un ataque de complejidad bastante alta. Parece difícil de explotar. Se ha hecho público el exploit y puede que sea utilizado.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | cve.org | 3.5 | — | — | AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 2.0 | Primary | cve.org | 3.5 | — | — | AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 2.0 | Secondary | NVD | 3.5 | 1.5 | 6.4 | AV:L/AC:H/Au:S/C:P/I:P/A:P |
| 3.0 | Primary | cve.org | 4.5 | — | — | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 3.0 | Primary | cve.org | 4.5 | — | — | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 4.5 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 3.1 | Primary | cve.org | 4.5 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 3.1 | Secondary | NVD | 4.5 | 1.0 | 3.4 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
| 4.0 | Primary | cve.org | 2.0 | — | — | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| 4.0 | Primary | cve.org | 2.0 | — | — | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| 4.0 | Secondary | NVD | 1.1 | — | — | CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |