PT-2025-47233 · Canva · Canva For Mac
P1Tsi · Published 2025-11-18 · Updated 2025-11-18
CVE-2025-12792
CVSS v3.1: 3.2 (Low)
Vector: AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Canva for Mac versions prior to 1.117.1
Description
The Canva for Mac desktop app, when distributed through the Mac App Store, was released without Hardened Runtime enabled. This allowed a local attacker with standard user privileges to run arbitrary code with the same permissions granted to Canva through the Transparency, Consent, and Control (TCC) framework. TCC manages user permissions for accessing protected resources on macOS.
Recommendations
Update to version 1.117.1 or later.
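To confirm the state of an installed copy, the check below reads the code-signing flags reported by codesign and compares the bundle version against 1.117.1. It is an added example, not code from the advisory or from Canva; the install path /Applications/Canva.app and the sample CodeDirectory lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Canva's code): audit an app bundle for Hardened Runtime
# and for the fixed version. Install path and sample lines are assumptions.
FIXED_VERSION="1.117.1"   # fixed version stated in the advisory

# Reads `codesign -d --verbose=4` output on stdin.
# Returns 0 if the runtime flag (0x10000) is set, 1 if not, 2 if no flags field.
has_hardened_runtime() {
    flags=$(sed -n 's/.*flags=\(0x[0-9a-fA-F]*\).*/\1/p' | head -n 1)
    [ -n "$flags" ] || return 2
    [ $(( $flags & 0x10000 )) -ne 0 ]
}

# version_ge A B: succeeds when dotted numeric version A >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Constructed sample CodeDirectory lines (not captured from a real build).
SAMPLE_NO_RUNTIME='CodeDirectory v=20400 size=512 flags=0x0(none) hashes=8+5 location=embedded'
SAMPLE_RUNTIME='CodeDirectory v=20500 size=512 flags=0x10000(runtime) hashes=8+5 location=embedded'

# On macOS, audit the real bundle; elsewhere, run the check on the samples.
APP="${1:-/Applications/Canva.app}"   # assumed install path
if command -v codesign >/dev/null 2>&1 && [ -d "$APP" ]; then
    ver=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$APP/Contents/Info.plist")
    if codesign -d --verbose=4 "$APP" 2>&1 | has_hardened_runtime; then
        echo "hardened runtime: enabled"
    else
        echo "hardened runtime: NOT enabled"
    fi
    version_ge "$ver" "$FIXED_VERSION" && echo "version $ver: ok" || echo "version $ver: below $FIXED_VERSION, update"
else
    for s in "$SAMPLE_NO_RUNTIME" "$SAMPLE_RUNTIME"; do
        printf '%s\n' "$s" | has_hardened_runtime && echo "runtime set: $s" || echo "runtime missing: $s"
    done
fi
```

codesign writes its display output to stderr, which is why the pipeline redirects it with 2>&1.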
Fix
LPE
Incorrect Default Permissions
Affected Products
Canva For Mac