Vulnerabilities > CVE-2025-1078

CVSS 5.3 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

local

low complexity

CWE-266

NVD

Published: 2025-02-06

Updated: 2025-02-06

Summary

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional.

Common Weakness Enumeration (CWE)

CWE-266 - Incorrect Privilege Assignment

References

https://vuldb.com/?ctiid.294844
https://vuldb.com/?id.294844
https://vuldb.com/?submit.492529
https://winslow1984.com/books/cve-collection/page/aldente-charge-limiter-130-unauthorized-privileged-hardware-operations

Vulnerabilities > CVE-2025-1078 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2025-1078"}]}

Summary

Common Weakness Enumeration (CWE)

References

Vulnerabilities > CVE-2025-1078