CVE-2025-1078
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AppHouseKitchen | AlDente Charge Limiter | 1.0 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.1 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.2 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.3 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.4 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.5 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.6 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.7 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.8 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.9 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.10 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.11 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.12 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.13 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.14 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.15 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.16 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.17 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.18 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.19 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.20 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.21 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.22 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.23 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.24 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.25 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.26 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.27 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.28 | affected |
| AppHouseKitchen | AlDente Charge Limiter | 1.29 | affected |
Weaknesses
- CWE-285: Improper Authorization
- CWE-266: Incorrect Privilege Assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.294844
- https://vuldb.com/?ctiid.294844
- https://vuldb.com/?submit.492529
- https://winslow1984.com/books/cve-collection/page/aldente-charge-limiter-130-unauthorized-privileged-hardware-operations
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.