CVE-2025-9474: Creation of Temporary File With Insecure Permissions in Mihomo Party
A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. It affects the function enableSysProxy in the file src/main/sys/sysproxy.ts of the component Socket Handler. Manipulation results in the creation of a temporary file with insecure permissions. The attack requires local access and is characterized by high complexity; exploitability is reported to be difficult. The exploit is now public and may be used.
AI Analysis
Technical Summary
CVE-2025-9474 is a vulnerability identified in the Mihomo Party application, specifically versions 1.8.0 and 1.8.1 running on macOS. The flaw exists in the enableSysProxy function within the src/main/sys/sysproxy.ts file, part of the Socket Handler component. The vulnerability involves the creation of a temporary file with insecure permissions, which could potentially allow unauthorized local users to access or manipulate the file. The attack vector requires local access to the system, meaning an attacker must already have some level of access to the affected machine. The complexity of exploiting this vulnerability is high, and the exploitability is considered difficult. No user interaction is required, and the attack does not require elevated privileges beyond local user rights. The CVSS 4.0 base score is 2, indicating a low severity level, primarily due to the limited scope and difficulty of exploitation. Although the exploit code is publicly available, there are no known exploits in the wild at this time. The vulnerability primarily impacts confidentiality and integrity at a low level, as the insecure file permissions could allow local attackers to read or modify temporary files used by the application, potentially leading to further local privilege escalation or data leakage within the local environment.
Potential Impact
For European organizations, the impact of this vulnerability is relatively limited due to the requirement for local access and the high complexity of exploitation. However, organizations using Mihomo Party on macOS systems, especially in environments where multiple users share the same machine or where local access controls are weak, could face risks of unauthorized data exposure or local privilege escalation. This could be particularly relevant in sectors with shared workstations or in development environments. While the direct impact on network-wide operations or critical infrastructure is low, the vulnerability could serve as a foothold for attackers who have already gained limited local access, potentially facilitating lateral movement or further compromise. The low CVSS score reflects the limited risk, but organizations should not dismiss the threat, especially if Mihomo Party is used in sensitive or multi-user contexts.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Update Mihomo Party to a patched version as soon as one is available; no patch links are currently provided, so monitoring vendor advisories is critical.
2) Restrict local access to macOS systems running Mihomo Party, ensuring that only trusted users have login capabilities.
3) Implement strict file system permissions and monitoring on temporary directories to detect unauthorized file creation or modification.
4) Employ endpoint security solutions that can detect anomalous local file operations or privilege escalation attempts.
5) Conduct regular audits of local user accounts and their permissions to minimize the risk of unauthorized local access.
6) Educate users about the risks of local vulnerabilities and enforce policies that limit installation of unnecessary software, reducing the attack surface.
These steps go beyond generic advice by focusing on local access controls, file system monitoring, and user education tailored to the nature of this vulnerability.
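The class of flaw described in the technical summary, together with the permission check from mitigation 3, as an added example: this is not Mihomo Party's code and does not reproduce enableSysProxy. All function names, file names and prefixes are hypothetical, and Node.js on a POSIX system is assumed.

```javascript
// Added example, not Mihomo Party code. Assumes Node.js on POSIX (macOS/Linux).
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Weak pattern (constructed): predictable name, mode left to the umask (typically
// 0644), and an existing file or symlink at that path is reused, not rejected.
function writeTempInsecure(dir, name, data) {
  const file = path.join(dir, name);
  fs.writeFileSync(file, data);
  return file;
}

// Hardened pattern: private 0700 directory with a random suffix from mkdtemp,
// then O_CREAT|O_EXCL ('wx') so a pre-existing path fails, with mode 0600.
function writeTempHardened(data, prefix = 'example-') {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), prefix));
  const file = path.join(dir, 'payload.tmp');
  const fd = fs.openSync(file, 'wx', 0o600);
  try {
    fs.writeFileSync(fd, data);
  } finally {
    fs.closeSync(fd);
  }
  return { dir, file };
}

// Audit helper: report why a temp file is unsafe. lstat is used so that a
// symlink is reported rather than followed.
function auditTempFile(file) {
  const st = fs.lstatSync(file);
  const findings = [];
  if (st.isSymbolicLink()) findings.push('symlink');
  if ((st.mode & 0o077) !== 0) findings.push('group-or-other-access');
  if (process.getuid && st.uid !== process.getuid()) findings.push('foreign-owner');
  return findings;
}

// Demo: create one file each way, audit both, then clean up.
function demo() {
  const scratch = fs.mkdtempSync(path.join(os.tmpdir(), 'audit-demo-'));
  const weak = writeTempInsecure(scratch, 'example-helper.tmp', 'data');
  const strong = writeTempHardened('data');
  const result = { weak: auditTempFile(weak), strong: auditTempFile(strong.file) };
  fs.rmSync(scratch, { recursive: true, force: true });
  fs.rmSync(strong.dir, { recursive: true, force: true });
  return result;
}
console.log(demo());
```

The weak file's findings depend on the process umask; the hardened file is 0600 inside a 0700 directory regardless of it.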
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-25T15:08:19.362Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ad4377ad5a09ad00554c38
Added to database: 8/26/2025, 5:17:43 AM
Last enriched: 9/5/2025, 8:09:12 PM
Last updated: 10/10/2025, 7:29:33 AM