iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication_CVE-2025-11130

8.6 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11130

Source VulDB

Published Sep 29, 2025 at 00:32

Affected Product

Vendor iHongRen

Product pptp-vpn

Version 1.0

Affected Versions iHongRen pptp-vpn 1.0
iHongRen pptp-vpn 1.0.1

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-09-29T00:32:06.122Z",
    "modified": "2025-09-29T00:32:06.122Z",
    "type": "cve",
    "title": "iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.326210\nhttps://vuldb.com/?ctiid.326210\nhttps://vuldb.com/?submit.655456\nhttps://github.com/SwayZGl1tZyyy/n-days/blob/main/pptp-vpn/README.md",
    "id": "CVE-2025-11130",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "iHongRen pptp-vpn 1.0\niHongRen pptp-vpn 1.0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pptp-vpn",
    "version": "1.0",
    "vendor": "iHongRen",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}