
Description

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7` release.
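To check an application for the kind of configuration described above, the following added example (not code from the CVE record or from the Arduino project) audits an entitlements plist for Hardened Runtime exceptions. The record does not name the entitlements involved, so the key list is an assumption based on Apple's documented exception entitlements, and the sample plist is constructed.

```python
import plistlib

# Apple-documented Hardened Runtime exception entitlements. This page does not
# say which ones Arduino IDE shipped; the list is general-purpose (assumption).
HIGH = {  # directly let foreign dylibs into the process
    "com.apple.security.cs.disable-library-validation":
        "loads libraries not signed by Apple or the app's Team ID",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_* variables such as DYLD_INSERT_LIBRARIES",
}
REVIEW = {  # weaken other Hardened Runtime protections
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "writable and executable memory without MAP_JIT",
    "com.apple.security.cs.disable-executable-page-protection":
        "disables code-signing protection of executable memory",
    "com.apple.security.cs.allow-jit": "MAP_JIT memory allowed",
    "com.apple.security.get-task-allow": "debuggers may attach to the process",
}

def audit_entitlements(plist_bytes):
    """Return [(severity, key, reason)] for exceptions set to true, high first."""
    ents = plistlib.loads(plist_bytes)
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist root must be a dictionary")
    found = []
    for severity, table in (("high", HIGH), ("review", REVIEW)):
        for key in sorted(table):
            if ents.get(key) is True:  # <false/> or absent means not granted
                found.append((severity, key, table[key]))
    return found

# Constructed sample, not Arduino IDE's real entitlements file.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.cs.allow-unsigned-executable-memory</key><false/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
  <key>com.apple.security.device.camera</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for severity, key, reason in audit_entitlements(SAMPLE_ENTITLEMENTS):
        print(f"[{severity}] {key}: {reason}")
```

On macOS, the input plist for an installed app can be obtained with `codesign -d --entitlements - --xml <path to .app>`.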

PUBLISHED Reserved 2025-11-10 | Published 2025-12-18 | Updated 2025-12-18 | Assigner GitHub_M




MEDIUM: 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-276: Incorrect Default Permissions

Product status

< 2.3.7
affected

References

github.com/...no-ide/security/advisories/GHSA-vf5j-xhwq-8vqj

github.com/...mmits/2f7667136ee95ce07dde23c49d2de526b45e3293

github.com/arduino/arduino-ide/releases/tag/2.3.7

support.arduino.cc/...-3-7-Resolves-Multiple-Vulnerabilities

cve.org (CVE-2025-64723)

nvd.nist.gov (CVE-2025-64723)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.