CVE-2025-7961 is a medium-severity vulnerability classified under CWE-94, which pertains to improper control of code generation, commonly known as code injection. This vulnerability affects version 3.6.0 of Wulkano's KAP application on macOS. The flaw allows an attacker with limited privileges (low privileges, requiring local access) to bypass the Transparency, Consent, and Control (TCC) framework on macOS. TCC is a security mechanism that controls application access to sensitive user data and system resources. By exploiting this vulnerability, an attacker can inject and execute arbitrary code within the context of the KAP application, potentially escalating privileges or accessing protected resources without user consent or notification. The CVSS 4.0 score of 6.9 reflects a medium severity, with the attack vector being local (AV:L), requiring low attack complexity (AC:L), no user interaction (UI:N), and no authentication (AT:N) but requiring low privileges (PR:L). The vulnerability has a high impact on confidentiality (VC:H), low on integrity (VI:L), and no impact on availability (VA:N). The scope is limited (SC:L), and there is no known exploit in the wild as of the published date. No patches or mitigation links have been provided yet, indicating that users of version 3.6.0 remain at risk until an update is released. The vulnerability is significant because it undermines macOS's built-in privacy controls, potentially exposing sensitive user data or enabling further malicious activity on affected systems.

For European organizations, this vulnerability poses a risk primarily to those using macOS systems with the vulnerable version of KAP installed. Since KAP is a screen recording and sharing tool, it is often used in creative, educational, and corporate environments. Exploitation could lead to unauthorized access to sensitive screen content, bypassing user consent mechanisms, which may result in data leakage or privacy violations. This is particularly critical under the GDPR framework, where unauthorized data access can lead to regulatory penalties. The TCC bypass could also facilitate lateral movement or privilege escalation within corporate networks if attackers gain footholds on endpoint devices. Organizations relying on macOS endpoints for sensitive operations or communications are at risk of confidentiality breaches. The lack of known exploits in the wild reduces immediate threat but does not eliminate the risk, especially as attackers may develop exploits once the vulnerability details are public. The medium severity suggests that while the vulnerability is serious, exploitation requires local access and some privileges, limiting remote or mass exploitation scenarios. However, insider threats or compromised low-privilege accounts could leverage this vulnerability to escalate access or exfiltrate data.

To mitigate this vulnerability, European organizations should: 1) Immediately audit and inventory all macOS devices to identify installations of Wulkano KAP version 3.6.0. 2) Temporarily disable or uninstall KAP on critical systems until a patch is released. 3) Implement strict endpoint security controls to limit local access to authorized users only, reducing the risk of local exploitation. 4) Monitor macOS system logs and TCC permission changes for suspicious activity indicative of TCC bypass attempts. 5) Employ application whitelisting and macOS security features such as System Integrity Protection (SIP) and Endpoint Detection and Response (EDR) solutions to detect anomalous code injection behaviors. 6) Educate users about the risks of running untrusted code or applications with elevated privileges. 7) Stay alert for vendor updates or patches from Wulkano and apply them promptly once available. 8) Consider network segmentation to isolate macOS devices running KAP from sensitive systems to limit potential lateral movement.