Vulnerabilites related to iHongRen - pptp-vpn
CVE-2025-11130 (GCVE-0-2025-11130)
Vulnerability from cvelistv5
Published
2025-09-29 00:32
Modified
2025-09-29 11:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.326210 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.326210 | signature, permissions-required | |
| https://vuldb.com/?submit.655456 | third-party-advisory | |
| https://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T11:58:42.371207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T11:59:04.849Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XPC Service"
],
"product": "pptp-vpn",
"vendor": "iHongRen",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SwayZGl1tZyyy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In iHongRen pptp-vpn 1.0/1.0.1 auf macOS wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion shouldAcceptNewConnection der Datei HelpTool/HelperTool.m der Komponente XPC Service. Durch Beeinflussen mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T00:32:06.122Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326210 | iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326210"
},
{
"name": "VDB-326210 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326210"
},
{
"name": "Submit #655456 | iHongRen pptp-vpn v1.0.1 Local Privilege escalation to root via XPC",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.655456"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-28T08:18:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11130",
"datePublished": "2025-09-29T00:32:06.122Z",
"dateReserved": "2025-09-28T06:13:27.150Z",
"dateUpdated": "2025-09-29T11:59:04.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}