CVE-2025-64723: CWE-276: Incorrect Default Permissions in arduino arduino-ide
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7` release.
AI Analysis
Technical Summary
CVE-2025-64723 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) in the Arduino IDE for macOS, affecting versions prior to 2.3.7. The root cause is that the IDE's default security entitlements were overly permissive, allowing an attacker to bypass macOS Hardened Runtime protections. Hardened Runtime is a macOS security feature designed to restrict code injection and other runtime manipulation of a signed process. Because of the misconfiguration, an attacker with low privileges on the host can inject malicious dynamic libraries into the running Arduino IDE process. The injected code inherits every TCC permission granted to the IDE, which include access to sensitive user data and system resources such as contacts, calendar, camera, microphone, and file system locations protected by macOS privacy controls. Exploitation requires no user interaction and no elevated privileges, only local access, which makes the issue a significant risk on shared machines or wherever local access is possible. The vulnerability was publicly disclosed on December 18, 2025, with a CVSS 4.0 base score of 4.8 (medium severity). The fix shipped in Arduino IDE version 2.3.7, which corrects the entitlement configuration to meet Hardened Runtime requirements, preventing unauthorized code injection and preserving TCC protections. No exploitation in the wild has been reported at this time, but the nature of the flaw makes privilege escalation and data exfiltration plausible outcomes if it were exploited.
Potential Impact
For European organizations, the impact of CVE-2025-64723 primarily concerns confidentiality and integrity of sensitive data accessed through TCC permissions on macOS systems running vulnerable Arduino IDE versions. Attackers exploiting this vulnerability can gain unauthorized access to protected resources such as user contacts, calendars, camera, microphone, and file system areas, potentially leading to data leakage or espionage. This risk is particularly relevant for organizations involved in software development, education, or IoT projects where Arduino IDE is commonly used. The vulnerability could also facilitate lateral movement within networks if attackers leverage compromised local machines to escalate privileges or access additional systems. Although the vulnerability requires local access and low privileges, environments with shared workstations or insufficient endpoint security controls are at higher risk. The medium CVSS score reflects the moderate ease of exploitation balanced against the requirement for local access and lack of remote attack vector. The absence of known exploits reduces immediate threat but does not eliminate future risk. Organizations handling sensitive intellectual property or personal data under GDPR should consider this vulnerability a potential compliance and security concern.
Mitigation Recommendations
European organizations should implement the following specific mitigations:
1) Immediately update all macOS installations of Arduino IDE to version 2.3.7 or later to apply the security fix.
2) Restrict local access to developer workstations by enforcing strong user authentication and limiting physical and remote login capabilities.
3) Employ endpoint detection and response (EDR) solutions capable of detecting unauthorized dynamic library injections or anomalous process behavior on macOS.
4) Regularly audit installed software versions and entitlement configurations on macOS systems to ensure compliance with security policies.
5) Educate developers and users about the risks of running outdated software and the importance of timely patching.
6) Use macOS System Integrity Protection (SIP) and enable Hardened Runtime protections on custom applications to reduce attack surface.
7) Monitor system logs for suspicious activity related to Arduino IDE processes or TCC permission usage.
These targeted actions go beyond generic patching advice by focusing on access control, monitoring, and configuration management specific to the vulnerability's exploitation vector.
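Mitigation 4 above calls for auditing entitlement configurations. The script below is an added example, not code from the advisory or the Arduino project: it dumps an app bundle's Hardened Runtime entitlements with `codesign` and flags keys that permit loading of unsigned or foreign-signed libraries. The advisory does not say which entitlements were over-permissive, so the specific keys checked are an assumption taken from Apple's documented Hardened Runtime entitlements, and the sample plist is constructed for an offline dry run.

```shell
#!/bin/sh
# Added example (not from the advisory or the Arduino project): audit a macOS app
# bundle's Hardened Runtime entitlements for keys that weaken library validation.
# The advisory does not name the over-permissive entitlements; the keys below are
# an assumption: Apple's documented entitlements that let foreign-signed dylibs load.
RISKY_KEYS='com.apple.security.cs.disable-library-validation
com.apple.security.cs.allow-dyld-environment-variables
com.apple.security.cs.allow-unsigned-executable-memory'
# Print each risky key that is set to <true/> in an entitlements plist (XML).
# Assumes the usual plist layout: <key>...</key> on one line, value on the next.
risky_entitlements() {
    awk -v keys="$RISKY_KEYS" '
        BEGIN { n = split(keys, k, "\n"); for (i = 1; i <= n; i++) risky[k[i]] = 1 }
        /<key>/ { key = $0; sub(/.*<key>/, "", key); sub(/<\/key>.*/, "", key); next }
        /<true\/>/ { if (key in risky) print key }
        { key = "" }
    ' "$1"
}
# Dump an installed app's entitlements with codesign (macOS only) and audit them.
# Exit status: 0 clean, 1 risky keys enabled, 2 codesign could not read the bundle.
audit_app() {
    tmp=$(mktemp)
    codesign -d --entitlements :- "$1" > "$tmp" 2>/dev/null || { rm -f "$tmp"; return 2; }
    found=$(risky_entitlements "$tmp")
    rm -f "$tmp"
    if [ -n "$found" ]; then
        printf '%s: entitlements that weaken library validation:\n%s\n' "$1" "$found"
        return 1
    fi
    printf '%s: no risky entitlements\n' "$1"
}
# Constructed sample plist (not Arduino's real entitlements) for an offline dry run:
# allow-jit is not on the risky list and dyld-environment-variables is off, so one key fires.
SAMPLE_PLIST=$(mktemp); trap 'rm -f "$SAMPLE_PLIST"' EXIT
cat > "$SAMPLE_PLIST" <<'EOF'
<plist version="1.0">
<dict>
	<key>com.apple.security.cs.allow-jit</key>
	<true/>
	<key>com.apple.security.cs.disable-library-validation</key>
	<true/>
	<key>com.apple.security.cs.allow-dyld-environment-variables</key>
	<false/>
</dict>
</plist>
EOF
# With a bundle path argument, audit that app, e.g. "/Applications/Arduino IDE.app".
if [ $# -gt 0 ]; then audit_app "$1"; fi
```

Without an argument the script only defines the functions and writes the constructed sample; on macOS, pass the bundle path to audit the installed IDE.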
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.923Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69441d2a4eb3efac369420a9
Added to database: 12/18/2025, 3:26:34 PM
Last enriched: 12/18/2025, 3:59:36 PM
Last updated: 12/19/2025, 3:59:50 AM