CVE-2025-9474 LOW

CVE-2025-9474: Mihomo Party Socket sysproxy.ts enableSysProxy temp file

Vendor Mihomo
Product Party
Weakness CWE-378
Published August 26, 2025
Last update September 5, 2025

CVSS base score

2.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.

Key dates

02Disclosure timeline

August 26, 2025 CVE published
September 5, 2025 Record updated