PT-2025-52245 · Arduino · Arduino Ide

Karmaz95 +1 · Published 2025-12-18 · Updated 2026-02-19 · CVE-2025-64724

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Arduino IDE versions prior to 2.3.7

Description: Arduino IDE for macOS, before version 2.3.7, was installed with overly permissive file permissions on critical application components. This allowed any local user to replace legitimate files with malicious code. When another user launched the application, the malicious code would execute with their privileges, potentially leading to privilege escalation and unauthorized access to sensitive data.

Recommendations: Update to version 2.3.7 or later.
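
A defender's check for the condition described above, as an added example that is not part of the advisory or of Arduino's code: it walks an installed application directory and reports entries that a user other than the owner could modify or replace. The directory to audit is passed as an argument because the advisory does not name a path; the function names are hypothetical.

```python
import os
import stat
import sys


def classify(mode):
    """Return why a mode is risky, or None if only the owner can write."""
    if stat.S_ISLNK(mode):
        return None  # a symlink's own permission bits are not enforced
    who = []
    if mode & stat.S_IWGRP:
        who.append("group")
    if mode & stat.S_IWOTH:
        who.append("other")
    if not who:
        return None
    if stat.S_ISDIR(mode):
        # Write access to a directory lets a user delete and recreate its
        # entries even when the entries themselves are not writable, unless
        # the sticky bit restricts deletion to the owner.
        sticky = mode & stat.S_ISVTX
        kind = "dir, sticky" if sticky else "dir, entries replaceable"
    else:
        kind = "file"
    return f"{kind}: writable by {'+'.join(who)}"


def audit_tree(root):
    """Walk root without following symlinks; return sorted (relpath, reason)."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        reason = classify(os.lstat(path).st_mode)
        if reason:
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_bundle.py <installed application directory>")
    hits = audit_tree(sys.argv[1])
    for relpath, reason in hits:
        print(f"{reason}\t{relpath}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means at least one entry is writable by group or other; after updating to 2.3.7 or later, rerun it against the new installation to confirm the result is empty.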

Exploit

Fix

LPE

Weakness Enumeration: Incorrect Default Permissions

Related Identifiers: CVE-2025-64724, GHSA-3FVJ-PGQW-FGW6

Affected Products: Arduino Ide