CVE-2025-64723
📋 TL;DR
Arduino IDE for macOS in versions before 2.3.7 shipped with overly permissive security entitlements that bypassed the protections of the macOS Hardened Runtime. This allowed an attacker to inject malicious dynamic libraries into the application process and thereby inherit every TCC permission the user had granted to Arduino IDE. Only macOS users running Arduino IDE versions before 2.3.7 are affected.
💻 Affected Systems
- Arduino IDE
📦 What is this software?
Arduino IDE by Arduino
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full access to all TCC permissions granted to Arduino IDE (camera, microphone, location, files, etc.) and can execute arbitrary code with those permissions.
Likely Case
Local attackers or malicious applications could inject code to access sensitive data or system resources that Arduino IDE has permission to access.
If Mitigated
With the update applied and standard macOS security controls in place (in particular, Arduino IDE granted only the TCC permissions it needs), the exposure is significantly reduced.
🎯 Exploit Status
Requires local access and ability to execute code or inject libraries. Exploitation depends on what TCC permissions Arduino IDE has been granted by the user.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3.7
Vendor Advisory: https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj
Restart Required: Yes
Instructions:
1. Open Arduino IDE.
2. Go to Arduino IDE → Check for Updates.
3. Install version 2.3.7 or later.
4. Restart Arduino IDE after installation.
🔧 Temporary Workarounds
Remove Arduino IDE TCC permissions
Platform: macOS
Revoke all TCC permissions granted to Arduino IDE in System Settings to limit the potential damage if the vulnerability is exploited.
1. Open System Settings → Privacy & Security
2. Review each permission category (Camera, Microphone, Files and Folders, etc.)
3. Remove Arduino IDE from any allowed applications
Use alternative development environments
Platform: all
Temporarily use PlatformIO, VS Code with the Arduino extension, or Arduino CLI until the IDE is patched.
🧯 If You Can't Patch
- Limit Arduino IDE's TCC permissions to only essential functions
- Run Arduino IDE in a sandboxed environment or virtual machine
🔍 How to Verify
Check if Vulnerable:
Check the Arduino IDE version in the About Arduino IDE menu. If you are on macOS and the version is below 2.3.7, you are affected.
Check Version:
In Arduino IDE: Arduino IDE → About Arduino IDE
Verify Fix Applied:
Verify Arduino IDE version is 2.3.7 or higher in About Arduino IDE menu.
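As an added example (not code from the advisory or from the Arduino project), the following script automates both halves of this check: it compares a bundle version against the fixed release and inspects an entitlements plist for keys that weaken Hardened Runtime library validation. The entitlement keys it looks for are an assumption based on Apple's documented Hardened Runtime entitlements; the advisory does not name which keys the fix changed, and the sample plist below is constructed.

```python
"""Audit an Arduino IDE install for CVE-2025-64723 (example code, not Arduino's)."""
import plistlib

# Hardened Runtime entitlements that relax library loading checks.
# Assumption: the advisory does not list which keys the 2.3.7 fix changed;
# these are the well-known keys that make dylib injection feasible.
RISKY_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "process may load dylibs signed by any team, or unsigned",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "process honours DYLD_* variables, a classic injection path",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "process may map unsigned executable memory",
}
FIXED_VERSION = (2, 3, 7)  # from the advisory: first fixed release


def parse_version(text):
    """'2.3.6' -> (2, 3, 6); a pre-release suffix such as '-rc1' is ignored."""
    core = text.strip().split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable_version(text):
    """The advisory's criterion: anything below 2.3.7 is affected."""
    return parse_version(text) < FIXED_VERSION


def risky_entitlements(plist_bytes):
    """Return {key: reason} for every risky entitlement set to true."""
    ents = plistlib.loads(plist_bytes)
    return {k: why for k, why in RISKY_ENTITLEMENTS.items() if ents.get(k) is True}


def audit(version_text, entitlement_bytes):
    """Combine the version check with the entitlement evidence."""
    return {
        "version": version_text,
        "vulnerable": is_vulnerable_version(version_text),
        "risky_entitlements": risky_entitlements(entitlement_bytes),
    }


# Constructed sample, standing in for the entitlements of an installed app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-jit</key><true/>
<key>com.apple.security.cs.disable-library-validation</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print(audit("2.3.6", SAMPLE_ENTITLEMENTS))
```

On macOS, feed `audit()` the `CFBundleShortVersionString` from `/Applications/Arduino IDE.app/Contents/Info.plist` and the output of `codesign -d --entitlements :- "/Applications/Arduino IDE.app"`, which prints the live entitlements as an XML plist.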
📡 Detection & Monitoring
Log Indicators:
- Unexpected dynamic library loading in Arduino IDE process
- Unusual TCC permission usage by Arduino IDE
Network Indicators:
- None; this is a local vulnerability and exploitation does not require network traffic
SIEM Query:
process_name:"Arduino IDE" AND (event_type:"library_load" OR event_type:"tcc_access")
🔗 References
- https://github.com/arduino/arduino-ide/commit/1fa0fd31c8d6b62f19332e33713a8c5b0f4ed6f9
- https://github.com/arduino/arduino-ide/pull/2805
- https://github.com/arduino/arduino-ide/releases/tag/2.3.7
- https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqj
- https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities