CVE-2025-1078

MEDIUM

AppHouseKitchen AlDente Charge Limiter <1.29 - Privilege Escalation

Title source: llm

Description

A vulnerability has been found in AppHouseKitchen AlDente Charge Limiter up to 1.29 on macOS and classified as critical. This vulnerability affects the function shouldAcceptNewConnection of the file com.apphousekitchen.aldente-pro.helper of the component XPC Service. The manipulation leads to improper authorization. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.30 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and acted very professional.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.294844

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.294844

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.492529

Various Sources exploit

https://winslow1984.com/books/cve-collection/page/aldente-charge-limiter-130-unauthorized-privileged-hardware-operations

Scores

CVSS v3 5.3

EPSS 0.0015

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (30)

AppHouseKitchen/AlDente Charge Limiter 1.0

AppHouseKitchen/AlDente Charge Limiter 1.1

AppHouseKitchen/AlDente Charge Limiter 1.10

AppHouseKitchen/AlDente Charge Limiter 1.11

AppHouseKitchen/AlDente Charge Limiter 1.12

AppHouseKitchen/AlDente Charge Limiter 1.13

AppHouseKitchen/AlDente Charge Limiter 1.14

AppHouseKitchen/AlDente Charge Limiter 1.15

AppHouseKitchen/AlDente Charge Limiter 1.16

AppHouseKitchen/AlDente Charge Limiter 1.17

... and 20 more

Published Feb 06, 2025

Tracked Since Feb 18, 2026