Skip to main content

iHongRen pptp-vpn CVE-2025-11130

HIGH
Improper Authentication (CWE-287)
2025-09-29 cna@vuldb.com
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
Apr 29, 2026 - 01:12 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 29, 2026 - 01:11 vuln.today
cvss_changed
CVSS changed
Apr 29, 2026 - 01:11 NVD
8.6 (HIGH) 7.3 (HIGH)
Analysis Generated
Mar 28, 2026 - 19:14 vuln.today
CVE Published
Sep 29, 2025 - 01:15 nvd
HIGH 8.6

DescriptionCVE.org

A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Local privilege escalation in iHongRen pptp-vpn 1.0/1.0.1 for macOS allows unauthenticated local users to execute arbitrary code with elevated privileges by exploiting missing authentication in the XPC service helper tool. Public exploit code exists on GitHub demonstrating the authentication bypass in shouldAcceptNewConnection function. Despite CVSS 7.3 severity, EPSS exploitation probability remains low (0.03%, 8th percentile), suggesting limited real-world targeting, though the availability of working POC code increases risk for local attackers with physical or remote desktop access.

Technical ContextAI

This vulnerability exploits Apple's XPC (Cross-Process Communication) framework, which macOS applications use for inter-process communication and privilege separation. The pptp-vpn application includes a privileged helper tool (HelperTool.m) that should validate incoming XPC connections in its shouldAcceptNewConnection method. CWE-287 (Improper Authentication) indicates the helper tool fails to verify the caller's identity or entitlements before accepting connections, allowing any local process to connect and invoke privileged operations without authentication. XPC services commonly handle elevated operations like VPN configuration, network interface manipulation, and system preferences modification, making authentication failures in these components critical security boundaries.

Affected ProductsAI

iHongRen pptp-vpn versions 1.0 and 1.0.1 running on macOS are confirmed vulnerable. The flaw exists specifically in the HelperTool.m component of the XPC Service helper tool that handles privileged VPN operations. No CPE identifier is available in NVD data. The vendor (iHongRen) was notified during responsible disclosure but provided no response, and no vendor security advisory exists. Users should assume all installations of these specific versions on any macOS release are affected until independent testing confirms otherwise.

RemediationAI

No vendor-released patch exists as iHongRen did not respond to disclosure. Primary mitigation: immediately uninstall pptp-vpn 1.0/1.0.1 and migrate to actively maintained VPN clients such as WireGuard, OpenVPN with official Tunnelblick client, or built-in macOS IKEv2/L2TP support. If business requirements absolutely mandate continued pptp-vpn use (not recommended given PPTP protocol's inherent cryptographic weaknesses beyond this CVE), implement compensating controls: restrict physical access to affected systems; enable macOS FileVault full-disk encryption to raise local access barriers; deploy EDR solutions to detect unauthorized XPC service connections; use macOS TCC (Transparency, Consent, and Control) framework to monitor helper tool invocations. Note that these mitigations only increase attacker cost and do not eliminate the vulnerability. Product replacement is the only complete remediation given vendor abandonment.

Share

CVE-2025-11130 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy