CVE-2025-64723

Sažetak

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.

Reference

https://github.com/arduino/arduino-ide/pull/2805/commits/2f7667136ee95ce07dde23c49d2de526b45e3293
https://github.com/arduino/arduino-ide/releases/tag/2.3.7
https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj
https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

19-12-2025 - 18:00

Objavljeno

18-12-2025 - 16:15