CVE-2025-8672

Name: CVE-2025-8672
Creator: NVD / NIST
Published: 2025-08-11T13:15:37.88+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.30%

Last modified Jun 17, 2026

CVE-2025-8672 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

4.8/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.30%

21.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-276

Affected Software

Vendor	Product	Versions
Gimp	Gimp	>= 3.0.2

References

https://cert.pl/en/posts/2025/08/tcc-bypass/Third Party Advisory
https://gitlab.gnome.org/GNOME/gimp/-/issues/13848Issue Tracking
https://gitlab.gnome.org/Infrastructure/gimp-macos-buildProduct
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/Third Party Advisory

Timeline

Published: Aug 11, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-8672?

How severe is CVE-2025-8672?

CVE-2025-8672 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2025-8672?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-8672?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST