CVE-2025-9474: Creation of Temporary File With Insecure Permissions in Mihomo Party
A vulnerability was found in Mihomo Party up to and including version 1.8.1 on macOS. The affected code is the function enableSysProxy in the file src/main/sys/sysproxy.ts, part of the Socket Handler component. The defect results in the creation of a temporary file with insecure permissions. The attack requires local access and is rated high complexity; exploitation is considered difficult. A public exploit is available and may be used.
AI Analysis
Technical Summary
CVE-2025-9474 affects Mihomo Party versions up to and including 1.8.1 on macOS. The flaw is in the enableSysProxy function of src/main/sys/sysproxy.ts, in the Socket Handler component: when the system proxy is enabled, the function creates a temporary file with insecure permissions (the weakness class is CWE-378, Creation of Temporary File With Insecure Permissions). The advisory does not say what the file contains or how it is later consumed. In this class of bug the practical consequences are that another local user can read the file and, where the name is predictable and the directory is shared, pre-create that name or place a symlink at it so that the application's later write lands on a file of the attacker's choosing; which of these applies here depends on details the advisory does not give. Exploitation requires local access with low privileges (an ordinary account on the same machine) and no user interaction, and is rated high complexity, meaning the attacker must also win favorable conditions such as timing. The CVSS 4.0 base score is 2.0 (Low), reflecting low confidentiality, integrity and availability impact within a local scope. No patch or mitigation link is referenced, a public proof of concept exists, and no exploitation in the wild has been reported.
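The weakness class in concrete form, as an added example in TypeScript (the language Mihomo Party is written in). This is illustrative code, not the project's sysproxy.ts or the page's own material; the file names sysproxy-script.sh and script.sh, the directory prefix and the written content are assumptions. The first function shows the pattern CWE-378 describes; the second creates the same kind of file so that no other local user can read it and a pre-existing file or symlink at the chosen name makes the operation fail instead of being followed.

```typescript
// Added example (not Mihomo Party code): insecure vs. hardened temporary-file
// creation on a POSIX system such as macOS. Names are illustrative assumptions.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

/** Permission bits that grant access to group or other users. */
const GROUP_OTHER_BITS = 0o077;

/**
 * Insecure pattern (CWE-378): a fixed, predictable name in the shared temp
 * directory, created with whatever mode the process umask allows (0644 under
 * the common umask 022). Other local users can read it, and whoever
 * pre-creates the name, or a symlink at it, decides what the write lands on.
 */
function writeTempInsecure(content: string): string {
  const target = path.join(os.tmpdir(), "sysproxy-script.sh"); // hypothetical name
  fs.writeFileSync(target, content); // mode from umask; follows symlinks
  return target;
}

/**
 * Hardened pattern:
 *  - a fresh, randomly named directory that only the owner can enter (0700),
 *  - the file opened with O_CREAT|O_EXCL|O_NOFOLLOW, so an existing file or
 *    symlink at the name makes openSync throw instead of being reused,
 *  - an explicit mode of 0600 that does not depend on the umask.
 */
function writeTempSecure(content: string): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sysproxy-"));
  fs.chmodSync(dir, 0o700); // mkdtemp already uses 0700; stated explicitly
  const target = path.join(dir, "script.sh"); // hypothetical name
  const flags =
    fs.constants.O_WRONLY |
    fs.constants.O_CREAT |
    fs.constants.O_EXCL |
    fs.constants.O_NOFOLLOW;
  const fd = fs.openSync(target, flags, 0o600);
  try {
    fs.writeFileSync(fd, content);
  } finally {
    fs.closeSync(fd);
  }
  return target;
}

/** True when the entry's own mode (symlinks not followed) lets group or other users in. */
function isGroupOrWorldAccessible(file: string): boolean {
  const st = fs.lstatSync(file);
  return (st.mode & GROUP_OTHER_BITS) !== 0;
}
```

The important details are the ones a umask cannot fix: the random directory removes name predictability, O_EXCL turns a pre-placed file or symlink into an error, and the explicit 0600 mode keeps the file private even if the process inherited a permissive umask.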
Potential Impact
For European organizations the impact of CVE-2025-9474 is limited but not negligible. Because exploitation needs a local account with low privileges, the realistic exposure is on shared or multi-user macOS workstations and on systems where an attacker already holds a low-privilege foothold. The outcome depends on what the temporary file holds and who consumes it: disclosure of its contents to another local user or, combined with another weakness, a step towards local privilege escalation, persistence or lateral movement. The high attack complexity makes opportunistic, large-scale abuse unlikely, and the direct risk to critical infrastructure or of a large data breach is minimal. Organizations that run Mihomo Party on macOS should treat it as a local-compromise vector in targeted attacks and as an insider-threat concern.
Mitigation Recommendations
To mitigate CVE-2025-9474 while no vendor fix is referenced, European organizations running Mihomo Party on macOS should apply the following compensating controls:
1. Restrict local access to systems running Mihomo Party to trusted users, since the attack requires a local account.
2. Establish where the application writes its temporary files and what permissions they receive. On macOS the per-user temporary directory ($TMPDIR, normally under /var/folders with mode 0700) is not reachable by other users, whereas /tmp is shared (mode 1777 with the sticky bit). Files in a shared directory that are group- or world-readable, or writable, are the ones that matter; monitor such directories for files with those permissions and for symlinks appearing at predictable names.
3. Use endpoint protection or application allow-listing that can flag anomalous file creation or permission changes by Mihomo Party processes.
4. Track Mihomo Party releases and the vendor's communications, and update as soon as a version that addresses this vulnerability is published.
5. Keep System Integrity Protection (SIP) and sandboxing enabled to limit what a local exploit can reach. SIP protects system locations and does not change the permissions of files the application creates in user-writable directories, so it is a containment measure rather than a fix for this bug.
6. Enforce least privilege for local accounts and make users aware of the risks of shared workstations.
These controls reduce the exposure of the insecure temporary file; they do not remove the defect in enableSysProxy itself.
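A check for the second control, as an added example in TypeScript; it is not code from Mihomo Party or from the page. It scans one directory without following symlinks and reports entries that another local user could read or write, plus any symlink, which is what a temporary-file race leaves behind. The prefix sysproxy- and the fixture files are constructed for the example.

```typescript
// Added example (not Mihomo Party code): audit a temporary directory for
// entries that other local users can reach. Fixture data is constructed.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

interface Finding {
  file: string;
  mode: string; // octal, e.g. "0644"
  reason: "symlink" | "group/other writable" | "group/other readable";
}

const WRITE_BITS = 0o022; // group write | other write
const READ_BITS = 0o044; // group read | other read

/**
 * Lists entries directly under `dir` whose own mode (lstat, so symlinks are
 * not followed) grants access to group or other users, plus every symlink.
 * `prefix` narrows the scan to one application's files, e.g. "sysproxy-".
 */
function auditTempDir(dir: string, prefix = ""): Finding[] {
  const findings: Finding[] = [];
  for (const name of fs.readdirSync(dir)) {
    if (!name.startsWith(prefix)) continue;
    const file = path.join(dir, name);
    const st = fs.lstatSync(file);
    const mode = (st.mode & 0o7777).toString(8).padStart(4, "0");
    if (st.isSymbolicLink()) {
      findings.push({ file, mode, reason: "symlink" });
    } else if (st.mode & WRITE_BITS) {
      findings.push({ file, mode, reason: "group/other writable" });
    } else if (st.mode & READ_BITS) {
      findings.push({ file, mode, reason: "group/other readable" });
    }
  }
  return findings.sort((a, b) => a.file.localeCompare(b.file));
}

/**
 * Builds a constructed fixture: a private scratch directory holding one
 * correctly restricted file, two over-permissive ones, one file outside the
 * prefix and a dangling symlink. Returns the directory for auditing/cleanup.
 */
function makeFixture(): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "audit-demo-"));
  const put = (name: string, mode: number): void => {
    const p = path.join(dir, name);
    fs.writeFileSync(p, "constructed\n");
    fs.chmodSync(p, mode); // chmod is not subject to umask
  };
  put("sysproxy-private", 0o600);
  put("sysproxy-readable", 0o644);
  put("sysproxy-writable", 0o666);
  put("unrelated-readable", 0o644); // excluded by the prefix filter
  fs.symlinkSync("/nonexistent/target", path.join(dir, "sysproxy-link"));
  return dir;
}

// Stand-alone usage: audit the fixture, print findings, clean up.
const demoDir = makeFixture();
for (const f of auditTempDir(demoDir, "sysproxy-")) {
  console.log(`${f.mode} ${f.reason}: ${f.file}`);
}
fs.rmSync(demoDir, { recursive: true, force: true });
```

Run it against the directory the application actually uses (os.tmpdir() or /tmp) with the application's file prefix; on a correctly hardened installation the scan returns nothing. Symlinks are reported unconditionally because a symlink at a name the application is about to write to is the precondition for redirecting that write, whatever the link's own mode.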
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-25T15:08:19.362Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ad4377ad5a09ad00554c38
Added to database: 8/26/2025, 5:17:43 AM
Last enriched: 8/26/2025, 5:32:56 AM
Last updated: 8/26/2025, 5:32:56 AM
Related Threats
CVE-2025-9476: Unrestricted Upload in SourceCodester Human Resource Information System (Medium)
CVE-2025-41702: CWE-321 Use of Hard-coded Cryptographic Key in Welotec EG400Mk2-D11001-000101 (Critical)
CVE-2025-9475: Unrestricted Upload in SourceCodester Human Resource Information System (Medium)
CVE-2025-9473: SQL Injection in SourceCodester Online Bank Management System (Medium)
CVE-2025-5931: CWE-269 Improper Privilege Management in wedevs Dokan Pro (High)