Impact
The vulnerability is a world‑reachable IPC endpoint in clash‑verge‑service‑ipc. An unprivileged user can access the endpoint and send crafted requests, which the service accepts and executes without proper permission checks. This allows the attacker to gain higher privileges on the same host, potentially compromising the entire system. The vulnerability stems from an incorrect permission configuration (CWE-732) that leaves the IPC socket accessible to all local users. Because the service runs with elevated privileges, exploitation directly elevates the attacker’s privilege level. This issue has a CVSS score of 8.4, indicating high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no well‑known exploits have been observed yet. Nevertheless, the local attack vector warrants immediate remediation as it could be abused in environments where untrusted users have filesystem or process access.
Affected Systems
The affected product is Clash Verge Rev’s clash‑verge‑service‑ipc before version 2.3.0. All releases prior to v2.3.0 include the world‑reachable IPC endpoint.
Risk and Exploitability
The CVSS score of 8.4 reflects a high-risk scenario in which a local attacker can elevate privileges. Because the vulnerability requires local access to the IPC endpoint, systems that enforce strict user separation or deny shell access to unprivileged users are less likely to be affected. Still, any environment where local users can reach the service socket is at risk. No publicly available exploit is catalogued, but the potential for local privilege escalation remains significant.
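A defender-side check for the exposure described above, added here as an example and not taken from the advisory or the project's code. It assumes the IPC endpoint is a Unix domain socket on Linux (the page does not name the transport), and it audits constructed sockets in a temporary directory rather than the product's real path.

```python
import os
import socket
import stat
import tempfile


def others_can_connect(sock_path, root="/"):
    """True if a user who is neither owner nor in the group can reach sock_path.

    Linux semantics: connect() needs write permission on the socket file and
    search (x) permission on every directory leading to it, checked up to root.
    """
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a Unix domain socket")
    if not st.st_mode & stat.S_IWOTH:
        return False
    root = os.path.abspath(root)
    d = os.path.dirname(os.path.abspath(sock_path))
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False          # a private directory shields the socket
        if d == root or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)


def demo():
    base = tempfile.mkdtemp()                 # constructed test area
    os.chmod(base, 0o755)
    cases = {"open": (0o755, 0o666),          # world-writable socket, open dir
             "strict": (0o755, 0o600),        # owner-only socket
             "shielded": (0o700, 0o666)}      # loose socket, private directory
    results = {}
    for name, (dir_mode, sock_mode) in cases.items():
        d = os.path.join(base, name)
        os.mkdir(d)
        os.chmod(d, dir_mode)
        path = os.path.join(d, "s.sock")      # placeholder name, not the product's
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        os.chmod(path, sock_mode)
        results[name] = others_can_connect(path, root=base)
        srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

On a real host, call `others_can_connect()` on the service's actual socket path with the default `root="/"`; a `True` result for a socket owned by a privileged service is the condition to fix.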