CVE-2025-4081

Name of the Vulnerable Software and Affected Versions DaVinci Resolve versions prior to the fixed version

Description The issue is related to the use of entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints, allowing a local attacker with unprivileged access to substitute a legitimate dynamic library with a malicious one. This enables the attacker to bypass Transparency, Consent, and Control (TCC) and execute the application with altered dynamic library. The acquired resource access is limited to previously granted permissions by the user, and access to other resources beyond granted permissions requires user interaction with a system prompt asking for permission.

Recommendations For DaVinci Resolve, update to a version that includes the fix for this issue, as the current version 19.1.3 is affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.