CVE-2025-1078

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 6, 2025

CWE ID 285

CWE ID 266

Summary

CVE-2025-1078 is a newly disclosed critical vulnerability affecting AppHouseKitchen's AlDente Charge Limiter up to version 1.29 on macOS. The issue lies within the XPC Service component of the file com.apphousekitchen.aldente-pro.helper, specifically the function shouldAcceptNewConnection. This vulnerability results in improper authorization, allowing for local host manipulation and potential exploitation. The exploit has already been made public, increasing the risk to users. Upgrading to version 1.30 is the recommended solution, and the vendor has acted professionally in response to the disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2dwuqT
https://www.cve.org/CVERecord?id=CVE-2025-1078
https://nvd.nist.gov/vuln/detail/CVE-2025-1078

Back to Vulnerability Database

CVE-2025-1078

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations