Home > Vulnerability Database > CVE-2025-64723

Mend.io Vulnerability Database

CVE-2025-64723

Good to know:

Date: December 18, 2025

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the "2.3.7 " release.

Severity Score

4.4

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64723

Url: https://github.com/arduino/arduino-ide/releases/tag/2.3.7

Url: https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities

Url: https://github.com/arduino/arduino-ide/pull/2805/commits/2f7667136ee95ce07dde23c49d2de526b45e3293

Url: https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj

Url: https://www.mend.io/vulnerability-database/CVE-2025-64723

Severity Score

4.4

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Top Fix

Upgrade Version

Upgrade to version https://github.com/arduino/arduino-ide.git - 2.3.7

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64723

Good to know:

Date: December 18, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?