PT-2025-22984 · Viscosity · Viscosity
Karol Mazurek · Published 2025-05-27 · Updated 2025-05-27
CVE-2025-4412
CVSS v4.0: 4.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Viscosity versions prior to 1.11.5
Description
The issue allows a dynamic library to be loaded with Viscosity's TCC identity on macOS systems by using a Launch Agent and loading the viscosity openvpn process from the application bundle. The resource access acquired this way is limited, since it comes without entitlements such as access to the camera or microphone. Only the permissions for file resources that the user has already granted apply. Access to other resources beyond the granted permissions requires user interaction with a system prompt asking for permission.
Recommendations
Versions prior to 1.11.5 should be updated to version 1.11.5, which resolves the issue. As a temporary workaround, consider restricting the use of the viscosity openvpn process until the update is applied.
Fix
Incorrect Default Permissions
Affected Products
Viscosity