CVE-2025-12843

5.5 MEDIUM

📋 TL;DR

This CVE describes a code injection vulnerability in waveterm's Electron Fuses implementation on macOS that allows bypassing TCC (Transparency, Consent, and Control) protections. Attackers can execute arbitrary code with elevated permissions, potentially accessing sensitive system resources. Users running waveterm 0.12.2 on macOS are affected.

💻 Affected Systems

Products:
  • waveterm
Versions: 0.12.2
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects macOS due to TCC bypass mechanism. Requires waveterm to be installed and running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to access sensitive data (camera, microphone, files), install persistent malware, or pivot to other systems on the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to protected resources like camera, microphone, or sensitive files that normally require user consent.

🟢 If Mitigated

Limited impact if proper application sandboxing and TCC protections are enforced, though some system resources may still be accessible.

🌐 Internet-Facing: LOW - This appears to be a local exploitation vulnerability requiring user interaction or local access.
🏢 Internal Only: MEDIUM - Internal users with access to vulnerable systems could exploit this for privilege escalation and data access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or user interaction. The advisory from Fluid Attacks provides technical details about the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check waveterm GitHub repository for latest version

Vendor Advisory: https://github.com/wavetermdev/waveterm

Restart Required: Yes

Instructions:

1. Visit the waveterm GitHub repository
2. Download the latest version
3. Uninstall the old version
4. Install the new version
5. Restart the system

🔧 Temporary Workarounds

Disable or Remove waveterm

macOS

Uninstall waveterm to eliminate the vulnerability

sudo rm -rf /Applications/waveterm.app
brew uninstall waveterm

Restrict Application Permissions

macOS

Use macOS Privacy settings to restrict waveterm's access to sensitive resources

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized waveterm execution
  • Monitor for suspicious process creation or TCC permission changes related to waveterm

🔍 How to Verify

Check if Vulnerable:

Check waveterm version: Open waveterm → About menu or check installed version in Applications folder

Check Version:

defaults read /Applications/waveterm.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify installed version is newer than 0.12.2 and check GitHub for security updates
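The version check above can be scripted. The following is an added example (not part of the advisory or of the waveterm project): it reads CFBundleShortVersionString from the Info.plist path given above and compares it with the affected release 0.12.2 using a pure POSIX sh version comparison, so it does not depend on `sort -V`. It assumes, following the "newer than 0.12.2" guidance, that 0.12.2 and anything older should be treated as affected.

```sh
#!/bin/sh
# Added example for CVE-2025-12843: classify an installed waveterm version
# relative to the affected release listed on the page.

AFFECTED_VERSION="0.12.2"

# Compare two dotted versions; print -1, 0 or 1 for a<b, a=b, a>b.
# Pre-release suffixes ("0.12.2-beta.1") are ignored for the comparison.
version_cmp() {
    a="${1%%-*}"; b="${2%%-*}"
    while [ -n "$a" ] || [ -n "$b" ]; do
        # Leading numeric component of each string (missing component = 0).
        ai="${a%%.*}"; bi="${b%%.*}"
        ai="${ai%%[!0-9]*}"; bi="${bi%%[!0-9]*}"
        ai="${ai:-0}"; bi="${bi:-0}"
        # Drop the component just consumed.
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# Assumption (page states only 0.12.2): versions at or below 0.12.2 are
# reported as vulnerable; only strictly newer releases count as fixed.
waveterm_status() {
    case "$(version_cmp "$1" "$AFFECTED_VERSION")" in
        1) printf '%s\n' "fixed" ;;
        *) printf '%s\n' "vulnerable" ;;
    esac
}

# Read the installed version with the page's `defaults read` command.
# The app path defaults to the one used on the page; pass another as $1.
check_installed_waveterm() {
    plist="${1:-/Applications/waveterm.app}/Contents/Info.plist"
    if [ ! -f "$plist" ]; then
        printf '%s\n' "not-installed"
        return 0
    fi
    v="$(defaults read "$plist" CFBundleShortVersionString 2>/dev/null)" || v=""
    if [ -z "$v" ]; then printf '%s\n' "unknown"; return 0; fi
    printf '%s (%s)\n' "$(waveterm_status "$v")" "$v"
}

check_installed_waveterm "$@"
```

Output is one of `vulnerable (x.y.z)`, `fixed (x.y.z)`, `unknown`, or `not-installed`, which makes it easy to fan out over a fleet with an MDM script runner.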

📡 Detection & Monitoring

Log Indicators:

  • Unexpected TCC permission grants to waveterm
  • Suspicious child processes spawned from waveterm

Network Indicators:

  • Unusual outbound connections from waveterm process

SIEM Query:

process_name:"waveterm" AND (event_type:"process_creation" OR event_type:"tcc_permission_change")
