CVE-2025-4412
Description
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without entitlements such as access to the camera or microphone. Only user-granted permissions for file resources apply. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 1.11.5 of Viscosity.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-4412? +
How do I check if I'm vulnerable to CVE-2025-4412? +
Related Vulnerabilities
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting …
The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This …
The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default …
MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the …
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious …
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has …