CVE-2025-64723: CWE-276: Incorrect Default Permissions in arduino arduino-ide
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7` release.
AI Analysis
Technical Summary
CVE-2025-64723 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting the Arduino IDE on macOS platforms prior to version 2.3.7. The root cause is the IDE’s configuration with overly permissive security entitlements that circumvent macOS Hardened Runtime protections designed to restrict unauthorized code execution and library injection. Specifically, these entitlements allow an attacker with local access and limited privileges to inject malicious dynamic libraries into the running Arduino IDE process. This injection enables the attacker to inherit all TCC permissions granted to the IDE, which control access to sensitive user data and system resources such as contacts, calendars, camera, microphone, and location services. The vulnerability does not require user interaction and can be exploited without elevated privileges, though local access is necessary. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the limited attack vector (local) but significant impact on confidentiality and integrity due to TCC permission exposure. The vulnerability was publicly disclosed on December 18, 2025, and fixed in Arduino IDE version 2.3.7. No public exploits have been reported to date. This vulnerability highlights the importance of secure default permissions and proper use of macOS Hardened Runtime entitlements in application development to prevent privilege escalation and unauthorized data access.
Potential Impact
For European organizations, the primary impact of this vulnerability is the potential unauthorized access to sensitive user data and system resources on macOS systems running vulnerable Arduino IDE versions. This could lead to data leakage, privacy violations, and potential compromise of development environments. Organizations involved in software development, education, or IoT projects using Arduino IDE on macOS are at risk. The ability to bypass Hardened Runtime protections and access TCC permissions undermines macOS’s security model, increasing the risk of lateral movement or further exploitation if combined with other vulnerabilities. Although exploitation requires local access, insider threats or compromised user accounts could leverage this vulnerability to escalate privileges or exfiltrate sensitive information. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. The impact on availability is minimal, but confidentiality and integrity could be significantly affected.
Mitigation Recommendations
European organizations should immediately update all macOS installations of Arduino IDE to version 2.3.7 or later to remediate this vulnerability. Additionally, organizations should audit and restrict local user access on macOS systems to trusted personnel only, minimizing the risk of local exploitation. Employ endpoint detection and response (EDR) solutions capable of monitoring for suspicious dynamic library injections or anomalous process behavior related to the Arduino IDE. Review and tighten TCC permissions granted to applications, ensuring the principle of least privilege is enforced. Implement macOS security best practices such as enabling System Integrity Protection (SIP) and regularly applying security patches. For environments where immediate update is not feasible, consider isolating vulnerable systems or restricting Arduino IDE usage to controlled environments. Finally, educate developers and users about the risks of running outdated software and the importance of timely updates.
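The two checks above that a defender can automate, "is the installed build older than 2.3.7?" and "does the bundle's signature still carry entitlements that weaken Hardened Runtime?", are shown below as an added example; this is not code from the advisory or from the Arduino project. The entitlement keys it flags are the standard Apple Hardened Runtime keys that relax library validation and DYLD environment handling (an assumption: the advisory does not name which entitlements were over-permissive), the sample Info.plist and entitlement plists are constructed here, and the bundle identifier in them is a placeholder. The `codesign` invocation used for a live read is the usual `--entitlements :-` form and is not exercised by the embedded samples.

```python
"""Audit a macOS Arduino IDE bundle for CVE-2025-64723 exposure (added example)."""
import plistlib
import re
import subprocess
from typing import Dict, List, Tuple

# Fixed release named in the advisory.
FIXED_VERSION = (2, 3, 7)

# Hardened Runtime entitlements that, when true, let code be injected into
# the process. Assumption: these are the standard Apple keys; the advisory
# itself does not list which entitlements Arduino IDE shipped with.
INJECTION_ENTITLEMENTS = {
    "com.apple.security.cs.disable-library-validation":
        "loads dylibs not signed by the app's Team ID",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_INSERT_LIBRARIES and similar variables",
    "com.apple.security.cs.allow-unsigned-executable-memory":
        "permits unsigned executable memory",
    "com.apple.security.get-task-allow":
        "lets other processes obtain the task port",
}


def parse_version(s: str) -> Tuple[int, int, int]:
    """Turn '2.3.6' or '2.3.7-nightly-...' into a comparable (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(info_plist: bytes) -> bool:
    """True when CFBundleShortVersionString in Info.plist is below 2.3.7."""
    info = plistlib.loads(info_plist)
    return parse_version(info["CFBundleShortVersionString"]) < FIXED_VERSION


def risky_entitlements(entitlements_plist: bytes) -> List[str]:
    """Return the injection-enabling entitlements that are set to true, sorted."""
    ents = plistlib.loads(entitlements_plist)
    return sorted(k for k, v in ents.items()
                  if k in INJECTION_ENTITLEMENTS and v is True)


def audit(info_plist: bytes, entitlements_plist: bytes) -> Dict[str, object]:
    """Combine both checks into one finding with a recommended action."""
    vulnerable = is_vulnerable_version(info_plist)
    risky = risky_entitlements(entitlements_plist)
    if vulnerable and risky:
        action = "update to 2.3.7 or later; until then isolate the host and review TCC grants"
    elif vulnerable:
        action = "update to 2.3.7 or later"
    elif risky:
        action = "version is fixed but signature still weakens Hardened Runtime; re-check signing"
    else:
        action = "no action"
    return {"vulnerable_version": vulnerable,
            "risky_entitlements": risky,
            "reasons": [INJECTION_ENTITLEMENTS[k] for k in risky],
            "action": action}


def read_live_entitlements(app_path: str) -> bytes:
    """Read the signed entitlements of an installed bundle (macOS only).

    Assumption: `codesign -d --entitlements :- <app>` writes the entitlement
    plist to stdout; this helper is not used by the embedded samples.
    """
    out = subprocess.run(["codesign", "-d", "--entitlements", ":-", app_path],
                         capture_output=True, check=True)
    return out.stdout


# Constructed sample inputs (placeholder bundle id, not the real one).
_PLIST_HEAD = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
               b'<plist version="1.0"><dict>\n')
_PLIST_TAIL = b'</dict></plist>\n'

VULNERABLE_INFO = (_PLIST_HEAD +
    b'<key>CFBundleIdentifier</key><string>com.example.ide-sample</string>\n'
    b'<key>CFBundleShortVersionString</key><string>2.3.6</string>\n' + _PLIST_TAIL)
FIXED_INFO = (_PLIST_HEAD +
    b'<key>CFBundleIdentifier</key><string>com.example.ide-sample</string>\n'
    b'<key>CFBundleShortVersionString</key><string>2.3.7</string>\n' + _PLIST_TAIL)
PERMISSIVE_ENTITLEMENTS = (_PLIST_HEAD +
    b'<key>com.apple.security.cs.allow-jit</key><true/>\n'
    b'<key>com.apple.security.cs.disable-library-validation</key><true/>\n'
    b'<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>\n'
    b'<key>com.apple.security.device.usb</key><true/>\n' + _PLIST_TAIL)
TIGHT_ENTITLEMENTS = (_PLIST_HEAD +
    b'<key>com.apple.security.cs.allow-jit</key><true/>\n'
    b'<key>com.apple.security.device.usb</key><true/>\n' + _PLIST_TAIL)

if __name__ == "__main__":
    for label, info, ents in [("vulnerable build", VULNERABLE_INFO, PERMISSIVE_ENTITLEMENTS),
                              ("fixed build", FIXED_INFO, TIGHT_ENTITLEMENTS)]:
        print(label, audit(info, ents))
```

On a real host, pair `read_live_entitlements("/Applications/Arduino IDE.app")` with the bundle's `Contents/Info.plist`; the entitlements list is the part worth watching after the update, since a signature that still disables library validation would leave the TCC grants reachable by an injected library regardless of the version string.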
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.923Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69441d2a4eb3efac369420a9
Added to database: 12/18/2025, 3:26:34 PM
Last enriched: 1/14/2026, 7:12:20 PM
Last updated: 2/7/2026, 11:37:13 AM