CVE-2025-11130
BaseFortify
Publication date: 2025-09-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ihongren | pptp-vpn | 1.0 |
| ihongren | pptp-vpn | 1.0.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the iHongRen pptp-vpn versions 1.0 and 1.0.1 on macOS, specifically in the XPC Service component's shouldAcceptNewConnection function. The issue is a missing authentication check that allows any local attacker to connect to the privileged helper tool's Mach service without verifying their identity. Because this helper runs with root privileges and exposes an interface to execute arbitrary shell commands, an attacker can execute commands as the root user, leading to local privilege escalation and arbitrary code execution. [1, 2]
How can this vulnerability impact me?
This vulnerability can severely impact you by allowing a local attacker to escalate their privileges to root on your macOS system running iHongRen pptp-vpn 1.0 or 1.0.1. The attacker can execute arbitrary commands with root-level permissions, compromising the confidentiality, integrity, and availability of your system. This means unauthorized users could take full control of your system, potentially leading to data theft, system damage, or denial of service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the privileged helper tool `com.cxy.PPTPVPN.HelpTool` running on the macOS system. Since the exploit involves connecting to the Mach service `com.cxy.PPTPVPN.HelpTool`, you can use commands to list running services and check for this specific XPC service. For example, use `launchctl list | grep com.cxy.PPTPVPN.HelpTool` to see if the service is loaded. Additionally, checking for the presence of the iHongRen pptp-vpn version 1.0 or 1.0.1 installed on the system can indicate vulnerability. Since the exploit allows arbitrary command execution via the helper, monitoring for unusual local connections or suspicious use of `NSTask`, `system()`, or `NSAppleScript` related to this service may also help detect exploitation attempts. [1, 2]
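As an added example (not part of the original page or the vendor's code), the script below parses `launchctl list` output for an exact match on the label and separates a running helper from one that is only registered. A registered helper is still reachable, because launchd starts it on demand when a client connects to its Mach service. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the helper's launchd state and the app version.
LABEL="com.cxy.PPTPVPN.HelpTool"   # label / Mach service named in the advisory

# Reads `launchctl list` output (columns: PID, Status, Label) on stdin.
# Prints "running:<pid>", "loaded" (registered, started on demand) or "absent".
helper_state() {
    awk -v label="$LABEL" '
        $3 == label {                  # exact label match, not a substring grep
            if ($1 == "-") print "loaded"; else print "running:" $1
            found = 1; exit
        }
        END { if (!found) print "absent" }
    '
}

# Succeeds only for the versions the advisory lists as affected.
is_affected_version() {
    case "$1" in
        1.0|1.0.1) return 0 ;;
        *) return 1 ;;
    esac
}

# assess <app-version>: combines both checks; launchctl output on stdin.
assess() {
    state=$(helper_state)
    if [ "$state" = "absent" ]; then
        echo "OK: $LABEL not registered with launchd"
    elif is_affected_version "$1"; then
        echo "EXPOSED: pptp-vpn $1, helper $state"
    else
        echo "REVIEW: helper $state, version $1 not listed as affected"
    fi
}

# Constructed sample of `launchctl list` output (not captured from a real host).
SAMPLE='PID Status Label
- 0 com.cxy.PPTPVPN.HelpTool
412 0 com.example.other.HelpTool.agent'

# On a real Mac, query as root so the system domain is listed:
#   sudo launchctl list | assess "<installed version>"
printf '%s\n' "$SAMPLE" | assess "1.0.1"
```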
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or disabling the vulnerable iHongRen pptp-vpn versions 1.0 and 1.0.1 on macOS, as no vendor patches or fixes are available. Since the vulnerability requires local access, restricting local user access to the system and limiting who can execute or interact with the `com.cxy.PPTPVPN.HelpTool` service can reduce risk. Replacing the affected software with an alternative VPN solution is recommended. Monitoring for exploitation attempts and applying strict access controls on the system are also advisable until a patch or update is provided. [2]