CVE-2025-9474

Name of the Vulnerable Software and Affected Versions: Mihomo Party versions through 1.8.1

Description: A vulnerability exists in Mihomo Party up to version 1.8.1 on macOS. The issue is related to the enableSysProxy function within the src/main/sys/sysproxy.ts file of the Socket Handler component, resulting in the creation of a temporary file with insecure permissions. The attack requires local access and is characterized by high complexity and difficult exploitability. The exploit is publicly available.

Recommendations: Versions prior to 1.8.1 are recommended. As a temporary workaround, consider restricting access to the enableSysProxy() function until a patch is available.