CVE-2025-64723

Name: CVE-2025-64723
Creator: NVD / NIST
Published: 2025-12-18T16:15:55.47+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.11%

Last modified Jun 17, 2026

CVE-2025-64723 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. EPSS estimates a 0.11% chance of exploitation in the next 30 days.

Description

Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release.

Metrics

CVSS 3.1

4.4/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS 4.0

4.8/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.11%

1.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-276

Affected Software

Vendor	Product	Versions
Arduino	Arduino Ide	< 2.3.7

References

https://github.com/arduino/arduino-ide/commit/1fa0fd31c8d6b62f19332e33713a8c5b0f4ed6f9Patch
https://github.com/arduino/arduino-ide/pull/2805Issue Tracking
https://github.com/arduino/arduino-ide/releases/tag/2.3.7Product, Release Notes
https://github.com/arduino/arduino-ide/security/advisories/GHSA-vf5j-xhwq-8vqjPatch, Vendor Advisory
https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-VulnerabilitiesVendor Advisory

Timeline

Published: Dec 18, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-64723?

How severe is CVE-2025-64723?

CVE-2025-64723 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.11% probability of exploitation in the next 30 days.

How do I fix CVE-2025-64723?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-64723?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST