iHongRen pptp-vpn CVE-2025-11130
HIGHSeverity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.
Technical ContextAI
This vulnerability exploits Apple's XPC (Cross-Process Communication) framework, which macOS applications use for inter-process communication and privilege separation. The pptp-vpn application includes a privileged helper tool (HelperTool.m) that should validate incoming XPC connections in its shouldAcceptNewConnection method. CWE-287 (Improper Authentication) indicates the helper tool fails to verify the caller's identity or entitlements before accepting connections, allowing any local process to connect and invoke privileged operations without authentication. XPC services commonly handle elevated operations like VPN configuration, network interface manipulation, and system preferences modification, making authentication failures in these components critical security boundaries.
Affected ProductsAI
iHongRen pptp-vpn versions 1.0 and 1.0.1 running on macOS are confirmed vulnerable. The flaw exists specifically in the HelperTool.m component of the XPC Service helper tool that handles privileged VPN operations. No CPE identifier is available in NVD data. The vendor (iHongRen) was notified during responsible disclosure but provided no response, and no vendor security advisory exists. Users should assume all installations of these specific versions on any macOS release are affected until independent testing confirms otherwise.
RemediationAI
No vendor-released patch exists as iHongRen did not respond to disclosure. Primary mitigation: immediately uninstall pptp-vpn 1.0/1.0.1 and migrate to actively maintained VPN clients such as WireGuard, OpenVPN with official Tunnelblick client, or built-in macOS IKEv2/L2TP support. If business requirements absolutely mandate continued pptp-vpn use (not recommended given PPTP protocol's inherent cryptographic weaknesses beyond this CVE), implement compensating controls: restrict physical access to affected systems; enable macOS FileVault full-disk encryption to raise local access barriers; deploy EDR solutions to detect unauthorized XPC service connections; use macOS TCC (Transparency, Consent, and Control) framework to monitor helper tool invocations. Note that these mitigations only increase attacker cost and do not eliminate the vulnerability. Product replacement is the only complete remediation given vendor abandonment.
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today