Arbitrary Code Execution Vulnerability in Tunnelblick by The Tunnelblick Team
CVE-2025-43711

8.1 HIGH

Key Information:

Vendor
CVE Published: 5 July 2025

Badges

📰 News Worthy

What is CVE-2025-43711?

A serious security flaw affects Tunnelblick, a popular open-source VPN client for macOS, in versions before 7.0. If Tunnelblick is incompletely uninstalled, an attacker who can place a malicious Tunnelblick.app in the /Applications directory can have arbitrary code executed as root on the next system boot. Users should ensure that they fully uninstall the application to mitigate the risk associated with this flaw.


Affected Version(s)

Tunnelblick from 3.5beta06 up to (excluding) 7.0

News Articles

CVE-2025-43711 | Tunnelblick up to 6.x Uninstall Tunnelblick.app cleanup (EUVD-2025-20098)

A vulnerability was found in Tunnelblick up to 6.x. It has been declared as critical. This vulnerability affects unknown code of the file Tunnelblick.app of the component Uninstall. The manipulati…

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 📰 First article discovered by Yanac.hu

  • Vulnerability published