PT-2025-52244 · Arduino · Arduino Ide

Karmaz95 +1 · Published 2025-12-18 · Updated 2026-02-19 · CVE-2025-64723

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Arduino IDE versions prior to 2.3.7

Description

Arduino IDE for macOS, before version 2.3.7, had overly permissive security entitlements. This configuration bypassed macOS Hardened Runtime protections, allowing attackers to inject malicious dynamic libraries into the application process. Successful exploitation granted attackers access to all Transparency, Consent, and Control (TCC) permissions assigned to the application.

Recommendations

Update to version 2.3.7 or later.
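
An added example, not taken from the advisory or from the Arduino project: a check that parses an application's entitlements plist and reports the Hardened Runtime exceptions that relax library loading, together with the resource entitlements any code loaded into the process would share. The advisory does not name the entitlements the affected builds carried; the keys below are Apple's documented ones, and the sample plist and the function name `audit_entitlements` are constructed for illustration.

```python
import plistlib

# Input: XML entitlements, e.g. from `codesign -d --entitlements - --xml <App.app>`.
# Hardened Runtime exception keys (Apple-documented) that relax the checks on
# what code a process may load. A value of True means the exception is active.
LOADER_EXCEPTIONS = (
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.allow-dyld-environment-variables",
)
# Resource-access entitlements a hardened app needs before it can request the
# matching privacy (TCC) permission; code loaded into the process shares them.
RESOURCE_PREFIXES = (
    "com.apple.security.device.",
    "com.apple.security.personal-information.",
    "com.apple.security.automation.",
)

# Constructed sample, not the entitlements of any real Arduino IDE build.
SAMPLE_ENTITLEMENTS = b"""<plist version="1.0">
<dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.cs.disable-library-validation</key><true/>
  <key>com.apple.security.cs.allow-dyld-environment-variables</key><false/>
  <key>com.apple.security.device.camera</key><true/>
  <key>com.apple.security.device.audio-input</key><true/>
</dict>
</plist>"""


def audit_entitlements(blob: bytes) -> dict:
    """Return the active loader exceptions and resource entitlements in a plist."""
    if not blob.strip():
        return {"loader_exceptions": [], "resources": []}  # no entitlements at all
    try:
        ent = plistlib.loads(blob)
    except Exception as exc:  # plistlib raises several parser-specific types
        raise ValueError(f"not a valid entitlements plist: {exc}") from exc
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist root must be a dictionary")
    # Only a literal True enables an entitlement; <false/> does not count.
    active = sorted(k for k, v in ent.items() if v is True)
    return {
        "loader_exceptions": [k for k in active if k in LOADER_EXCEPTIONS],
        "resources": [k for k in active if k.startswith(RESOURCE_PREFIXES)],
    }

if __name__ == "__main__":
    print(audit_entitlements(SAMPLE_ENTITLEMENTS))
```

A non-empty `loader_exceptions` list alongside a non-empty `resources` list is the combination worth reviewing before release.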

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2025-64723
GHSA-VF5J-XHWQ-8VQJ

Affected Products

Arduino Ide