PT-2026-3942 · Inkscape · Inkscape

Published 2026-01-22 · Updated 2026-01-22 · CVE-2025-15523

CVSS v4.0: 4.8 (Medium)

Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Inkscape versions prior to 1.4.3

Description

The macOS version of Inkscape includes a Python interpreter that utilizes the Transparency, Consent, and Control (TCC) permissions previously authorized by the user for the main application. A local attacker can execute arbitrary commands or scripts through this interpreter, potentially gaining access to user files in privacy-protected folders without requiring additional user approval. While accessing resources beyond the initially granted TCC permissions will prompt the user for approval, this approval will appear to originate from Inkscape, potentially concealing the attacker's actions.

Recommendations

Update to Inkscape version 1.4.3 or later.
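
To check a Mac against the fixed release named above, the following is an added example, not part of the original advisory and not Inkscape's own code. It assumes the default bundle path `/Applications/Inkscape.app` and reads the standard `CFBundleShortVersionString` key; the sample plist it falls back to is constructed.

```python
import plistlib
import re
from pathlib import Path

FIXED = (1, 4, 3)  # first fixed release according to the advisory
# Assumption: Inkscape is installed at the default macOS location.
DEFAULT_PLIST = Path("/Applications/Inkscape.app/Contents/Info.plist")


def parse_version(text):
    """Return the leading dotted-numeric part as a 3-tuple, or None.

    Any suffix such as a build hash or pre-release tag is ignored.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def assess(plist_bytes):
    """Classify an Info.plist (XML or binary) as affected, fixed or unknown.

    Returns (status, raw_version_string).
    """
    try:
        info = plistlib.loads(plist_bytes)
    except Exception:
        return "unknown", None  # unreadable or damaged plist
    if not isinstance(info, dict):
        return "unknown", None
    raw = info.get("CFBundleShortVersionString")
    version = parse_version(raw if isinstance(raw, str) else None)
    if version is None:
        return "unknown", raw
    return ("affected" if version < FIXED else "fixed"), raw


if __name__ == "__main__":
    if DEFAULT_PLIST.exists():
        data = DEFAULT_PLIST.read_bytes()
    else:
        # Constructed sample so the script also runs off a Mac.
        data = plistlib.dumps({"CFBundleShortVersionString": "1.4.2"})
    status, raw = assess(data)
    print(f"Inkscape {raw}: {status} (fixed in 1.4.3)")
```

A result of `unknown` means the version could not be read and the bundle should be inspected by hand.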

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2025-15523

Affected Products

Inkscape