CVE-2025-11130

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iHongRen pptp-vpn versions 1.0 and 1.0.1

Description A security issue has been identified in iHongRen pptp-vpn on macOS. The problem resides in the shouldAcceptNewConnection function within the HelpTool/HelperTool.m file of the XPC Service component, leading to missing authentication. This allows local attackers to bypass authentication mechanisms. The exploit for this issue is publicly available. The vendor was informed of this issue but did not provide a response.

Recommendations For iHongRen pptp-vpn version 1.0, restrict access to the vulnerable component XPC Service. For iHongRen pptp-vpn version 1.0.1, restrict access to the vulnerable component XPC Service.

Exploit

Fix

Missing Authentication

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-287

Related Identifiers

CVE-2025-11130

Affected Products

Ihongren Pptp-Vpn

CVE-2025-11130

Weakness Enumeration

Related Identifiers

Affected Products

References · 12