- Description
- A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 3.4
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 6.4
- Exploitability score
- 3.1
- Vector string
- AV:L/AC:L/Au:S/C:P/I:P/A:P
- cna@vuldb.com
- CWE-266
- Hype score
- Not currently trending
Excited to share that I’ve identified three new CVE vulnerabilities in popular macOS software: CVE-2025-1078 – AlDente Charger Limiter <1.30: Privileged hardware manipulation. The vendor generously rewarded me with a lifetime license. CVE-2025-21606 – Stats <2.11.21: Loca
@senzee1984
6 Feb 2025
607 Impressions
0 Retweets
7 Likes
1 Bookmark
2 Replies
0 Quotes
CVE-2025-1078 Local Privilege Escalation in AppHouseKitchen AlDente Charge Limiter on macOS https://t.co/LZVRA9Bl3G
@VulmonFeeds
6 Feb 2025
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1078 A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldA… https://t.co/hSYoZXm0ap
@CVEnew
6 Feb 2025
202 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-1078 | AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization) has been published on https://t.co/naZdYfNapr
@WolfgangSesin
6 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes