Insecure Temporary File

CVE-2025-9474

Low

1.1/10

Summary

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit is now public and may be used.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-377 - Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

References

Advisory Timeline

Published Aug 26, 2025

Insecure Temporary File

CVE-2025-9474

Summary

CWE-377 - Insecure Temporary File

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS