QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-64723

Back to search

CVE-2025-64723

Published: Dec 18, 2025

Modified: Jan 14, 2026

PUBLISHED

Description

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.

VendorProductVersions

arduino

arduino-ide

affected
< 2.3.7

Weaknesses (CWE)

CWE-276

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now