VYPR

Viscosity

by SparkLabs

CVEs (3)

  • CVE-2025-4412MedMay 27, 2025
    risk 0.31cvss epss 0.00

    On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency, Consent, and Control) identity. The acquired resource access is limited without…

  • CVE-2012-4284Jan 10, 2020
    risk 0.07cvss epss 0.70

    A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code

  • CVE-2020-5180Jan 14, 2020
    risk 0.00cvss epss 0.00

    Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using…