Description

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.

INFO

Published Date :

2025-12-18T15:15:15.883Z

Last Modified :

2025-12-18T19:06:47.330Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64723 vulnerability.

Vendors Products
Apple
  • Macos
Arduino
  • Arduino
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64723.

URL Resource
https://github.com/arduino/arduino-ide/pull/2805/commits/2f7667136ee95ce07dde23c49d2de526b45e3293 cve-icon cve-icon
https://github.com/arduino/arduino-ide/releases/tag/2.3.7 cve-icon cve-icon
https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj cve-icon cve-icon
https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability