Which versions of Apple are affected by CVE-2025-9474?

CVE-2025-9474 is a low-severity vulnerability in Mihomo Party (CVSS 2.0). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Is there a public PoC exploit available for CVE-2025-9474?

Yes, a public proof-of-concept exploit is available for CVE-2025-9474. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-9474?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Apple CVE-2025-9474

Q: What is the CVSS score of CVE-2025-9474?

CVE-2025-9474 has a CVSS 4.0 base score of 1.1 (Low). CVSS vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Insecure Temporary File (CWE-377)

2025-08-26 cna@vuldb.com

Apple Information Disclosure

1.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.1 LOW

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

2.0 (LOW) 1.1 (LOW)

Analysis Generated

Mar 28, 2026 - 19:08 vuln.today

PoC Detected

Aug 26, 2025 - 13:41 vuln.today

Public exploit code

CVE Published

Aug 26, 2025 - 05:15 nvd

LOW 2.0

DescriptionCVE.org

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.

AnalysisAI

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-377. A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used. Version information: up to 1.8.1.

Affected ProductsAI

Mihomo Party up to 1.8.1 on macOS. Affected.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-9474 vulnerability details – vuln.today

Back