
CVE-2025-65741: n/a

Severity: Critical
Type: Vulnerability
Published: Tue Dec 09 2025 (12/09/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Sublime Text 3 Build 3208 or prior for macOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.

AI-Powered Analysis

Last updated: 12/16/2025, 19:59:27 UTC

Technical Analysis

CVE-2025-65741 is a critical security vulnerability identified in Sublime Text 3 Build 3208 and earlier versions running on macOS. The vulnerability is classified as a dylib injection flaw (CWE-427), where an attacker can compile a malicious dynamic library (.dylib) and coerce the Sublime Text application to load and execute this library within its process context. This injection allows the attacker to execute arbitrary code with the same privileges as the Sublime Text process, potentially leading to full system compromise. The vulnerability does not require any privileges or user interaction, making it highly exploitable remotely if the attacker can deliver the malicious dylib and trigger its loading.

The CVSS v3.1 score is 9.8 (critical), reflecting the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H).

Although no public exploits have been reported yet, the nature of dylib injection on macOS makes this a significant threat, especially in environments where Sublime Text is used extensively. The lack of an official patch link indicates that a fix is either pending or not yet publicly disclosed, increasing the urgency for organizations to monitor updates closely. The vulnerability's exploitation could allow attackers to execute arbitrary commands, install persistent malware, exfiltrate sensitive data, or disrupt operations by crashing or manipulating the Sublime Text application and potentially the host system.

Potential Impact

For European organizations, the impact of CVE-2025-65741 can be severe. Sublime Text is widely used by developers and creative professionals, many of whom operate on macOS platforms. Successful exploitation could lead to unauthorized access to sensitive source code, intellectual property, and confidential project data, undermining confidentiality. Integrity could be compromised by injecting malicious code or altering files within the development environment, potentially introducing backdoors or vulnerabilities into software products. Availability could be affected by crashing Sublime Text or the host system, disrupting critical workflows. Industries such as software development firms, digital agencies, financial services, and research institutions are particularly vulnerable due to their reliance on macOS workstations and Sublime Text. Additionally, the ability to execute code without user interaction or privileges increases the risk of automated or large-scale attacks. The absence of known exploits currently provides a window for proactive defense, but the critical severity demands immediate attention to prevent potential targeted attacks or supply chain compromises.

Mitigation Recommendations

1. Immediately monitor Sublime Text official channels for patches addressing CVE-2025-65741 and apply updates as soon as they become available.
2. Until a patch is released, restrict the execution of untrusted or unsigned dylibs on macOS systems using tools like Gatekeeper and System Integrity Protection (SIP).
3. Employ macOS hardened runtime and code signing enforcement to prevent unauthorized dylib injection.
4. Limit Sublime Text usage to trusted environments and avoid opening untrusted projects or files that could trigger dylib loading.
5. Use endpoint detection and response (EDR) solutions capable of detecting anomalous dylib injection or process manipulation behaviors.
6. Educate developers and users about the risks of loading unverified plugins or extensions in Sublime Text.
7. Implement network segmentation and strict access controls to reduce the attack surface and prevent remote delivery of malicious dylibs.
8. Regularly audit macOS systems for unauthorized dylibs loaded into critical applications.
9. Consider temporary use of alternative editors or IDEs on macOS until the vulnerability is fully mitigated.
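One way to audit recommendations 3 and 8 across a fleet is to check each installed application's code-signing flags and entitlements. The following is an added example, not part of the CVE record or any vendor tooling; the sample `codesign` output, paths and identifiers are constructed, and the record does not state which loading mechanism is involved, so the script only reports whether the general macOS protections against injected libraries are in place.

```python
import plistlib
import re

# Inputs are the text of `codesign -dvv <app>` and the XML printed by
# `codesign -d --entitlements - --xml <app>` on recent macOS releases.
CS_RUNTIME = 0x10000  # code-signing flag for the hardened runtime
RISKY_ENTITLEMENTS = (
    # Lets DYLD_* environment variables take effect under the hardened runtime.
    "com.apple.security.cs.allow-dyld-environment-variables",
    # Allows loading libraries not signed by Apple or the same team.
    "com.apple.security.cs.disable-library-validation",
)

def audit_signature(codesign_info: str, entitlements_xml: bytes) -> list[str]:
    """Return findings that leave a binary open to loading foreign dylibs."""
    m = re.search(r"^CodeDirectory .*\bflags=0x([0-9a-fA-F]+)", codesign_info, re.M)
    if not m:
        return ["no CodeDirectory found: unsigned binary or unparsed output"]
    findings = []
    if not int(m.group(1), 16) & CS_RUNTIME:
        findings.append("hardened runtime not enabled")
    if re.search(r"^Signature=adhoc$", codesign_info, re.M):
        findings.append("ad hoc signature: no team identity to validate against")
    ents = plistlib.loads(entitlements_xml) if entitlements_xml.strip() else {}
    for key in RISKY_ENTITLEMENTS:
        if ents.get(key) is True:
            findings.append(f"entitlement weakens injection protection: {key}")
    return findings

# Constructed sample inputs (not taken from any real application).
WEAK_INFO = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.editor
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded
"""
HARDENED_INFO = WEAK_INFO.replace("flags=0x0(none)", "flags=0x10000(runtime)")
DYLD_ENTITLEMENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, info, ents in [("weak", WEAK_INFO, b""),
                             ("hardened+dyld", HARDENED_INFO, DYLD_ENTITLEMENT),
                             ("hardened", HARDENED_INFO, b"")]:
        print(name, audit_signature(info, ents) or "ok")
```
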


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69387706ef540ebbadc35ca0

Added to database: 12/9/2025, 7:22:46 PM

Last enriched: 12/16/2025, 7:59:27 PM

Last updated: 2/7/2026, 4:33:33 PM
