Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for pptp-vpn by iHongRen

    CVE-2025-11130 (GCVE-0-2025-11130)

    Vulnerability from nvd – Published: 2025-09-29 00:32 – Updated: 2025-09-29 11:59
    VLAI
    Title
    iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication
    Summary
    A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.326210 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.326210 signaturepermissions-required
    https://vuldb.com/?submit.655456 third-party-advisory
    https://github.com/SwayZGl1tZyyy/n-days/blob/main… exploit
    Impacted products
    Vendor Product Version
    iHongRen pptp-vpn Affected: 1.0
    Affected: 1.0.1
    Create a notification for this product.
    Credits
    SwayZGl1tZyyy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11130",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-29T11:58:42.371207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-29T11:59:04.849Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "XPC Service"
              ],
              "product": "pptp-vpn",
              "vendor": "iHongRen",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "SwayZGl1tZyyy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In iHongRen pptp-vpn 1.0/1.0.1 auf macOS wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion shouldAcceptNewConnection der Datei HelpTool/HelperTool.m der Komponente XPC Service. Durch Beeinflussen mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-29T00:32:06.122Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-326210 | iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.326210"
            },
            {
              "name": "VDB-326210 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.326210"
            },
            {
              "name": "Submit #655456 | iHongRen pptp-vpn v1.0.1 Local Privilege escalation to root via XPC",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.655456"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-28T08:18:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11130",
        "datePublished": "2025-09-29T00:32:06.122Z",
        "dateReserved": "2025-09-28T06:13:27.150Z",
        "dateUpdated": "2025-09-29T11:59:04.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-11130 (GCVE-0-2025-11130)

    Vulnerability from cvelistv5 – Published: 2025-09-29 00:32 – Updated: 2025-09-29 11:59
    VLAI
    Title
    iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication
    Summary
    A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.326210 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.326210 signaturepermissions-required
    https://vuldb.com/?submit.655456 third-party-advisory
    https://github.com/SwayZGl1tZyyy/n-days/blob/main… exploit
    Impacted products
    Vendor Product Version
    iHongRen pptp-vpn Affected: 1.0
    Affected: 1.0.1
    Create a notification for this product.
    Credits
    SwayZGl1tZyyy (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11130",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-29T11:58:42.371207Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-29T11:59:04.849Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "XPC Service"
              ],
              "product": "pptp-vpn",
              "vendor": "iHongRen",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.0.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "SwayZGl1tZyyy (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In iHongRen pptp-vpn 1.0/1.0.1 auf macOS wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion shouldAcceptNewConnection der Datei HelpTool/HelperTool.m der Komponente XPC Service. Durch Beeinflussen mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-29T00:32:06.122Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-326210 | iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.326210"
            },
            {
              "name": "VDB-326210 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.326210"
            },
            {
              "name": "Submit #655456 | iHongRen pptp-vpn v1.0.1 Local Privilege escalation to root via XPC",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.655456"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-09-28T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-09-28T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-09-28T08:18:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-11130",
        "datePublished": "2025-09-29T00:32:06.122Z",
        "dateReserved": "2025-09-28T06:13:27.150Z",
        "dateUpdated": "2025-09-29T11:59:04.849Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }