CVE-2025-9474

4.5 MEDIUM

📋 TL;DR

This vulnerability in Mihomo Party up to version 1.8.1 on macOS allows local attackers to create temporary files with insecure permissions via the enableSysProxy function. Attackers could potentially escalate privileges or manipulate system proxy settings, but exploitation requires local access and is complex. Only macOS users running vulnerable versions of Mihomo Party are affected.

💻 Affected Systems

Products:
  • Mihomo Party
Versions: Up to and including 1.8.1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS installations. Requires the vulnerable enableSysProxy function to be invoked.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise, unauthorized system proxy configuration changes, or arbitrary file creation with elevated permissions.

🟠 Likely Case

Limited local file manipulation affecting only the user's session, potentially disrupting proxy settings or creating temporary files in accessible locations.

🟢 If Mitigated

Minimal impact with proper file permission controls, user isolation, and restricted local access to vulnerable systems.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical or authenticated local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but exploitation complexity reduces likelihood.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploit requires local access and specific conditions. Public proof-of-concept exists but exploitation is described as difficult.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.8.1

Vendor Advisory: Not specified in provided references

Restart Required: No

Instructions:

  1. Check current version of Mihomo Party.
  2. Update to latest version beyond 1.8.1.
  3. Verify the update was successful.

🔧 Temporary Workarounds

  • Disable vulnerable function (macOS): Prevent execution of the vulnerable enableSysProxy function if not required
  • Restrict local access (macOS): Limit local user access to systems running vulnerable versions

🧯 If You Can't Patch

  • Remove or disable Mihomo Party until patching is possible
  • Implement strict file permission controls and monitor temporary file creation

🔍 How to Verify

Check if Vulnerable:

Check Mihomo Party version. If version is 1.8.1 or earlier on macOS, system is vulnerable.

Check Version:

Check application version in Mihomo Party settings or about dialog

Verify Fix Applied:

Verify Mihomo Party version is greater than 1.8.1 and test that enableSysProxy function no longer creates insecure temporary files.
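One way to run the temporary-file check above, as an added example that is not taken from the vendor or the Mihomo Party code base: toggle the system proxy in the app, then audit the temp directory for recently written files with loose modes. The function name `audit_tmp_perms` and the default directory `${TMPDIR:-/tmp}` are assumptions; the advisory does not name the path enableSysProxy writes to.

```shell
#!/bin/sh
# Added example: audit a directory for recently written files with loose modes.
# Assumption: the directory to inspect is passed in by the operator. The
# advisory does not name the path used by enableSysProxy, so ${TMPDIR:-/tmp}
# is only a default starting point.

# audit_tmp_perms DIR [MINUTES]
# Prints one line per regular file modified in the last MINUTES minutes that is
# writable by group/other, or readable by other. Returns 1 if any were found,
# 0 if the directory is clean.
audit_tmp_perms() {
    dir=${1:-${TMPDIR:-/tmp}}
    mins=${2:-10}
    found=0

    # "-perm -NNN" matches when all listed bits are set; this form behaves the
    # same in BSD find (macOS) and GNU find.
    writable=$(find "$dir" -type f -mmin "-$mins" \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)

    # World-readable but not already reported as writable above.
    readable=$(find "$dir" -type f -mmin "-$mins" \
        -perm -004 ! -perm -020 ! -perm -002 -print 2>/dev/null)

    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WRITABLE-BY-OTHERS /'
        found=1
    fi
    if [ -n "$readable" ]; then
        printf '%s\n' "$readable" | sed 's/^/WORLD-READABLE /'
        found=1
    fi
    return "$found"
}

# Usage (after toggling the system proxy in the app):
#   audit_tmp_perms "${TMPDIR:-/tmp}" 5
```

A clean result on a version later than 1.8.1, compared with findings on 1.8.1 or earlier, supports the fix verification; files from unrelated applications can also appear, so confirm ownership and creation time before drawing conclusions.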

📡 Detection & Monitoring

Log Indicators:

  • Unusual temporary file creation events
  • enableSysProxy function calls with unexpected parameters
  • File permission modification attempts

Network Indicators:

  • Unexpected system proxy configuration changes

SIEM Query:

Search for process creation events related to Mihomo Party followed by file creation events with insecure permissions
