CVE-2025-4280 in PoeditИнформация

Сводка

по MITRE • 22.05.2025

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Poedit, potentially disguising attacker's malicious intent.

This issue has been fixed in 3.6.3 version of Poedit.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Ответственный

CERT-PL

Резервировать

05.05.2025

Раскрытие

22.05.2025

Модерация

принято

Вход

VDB-309963

EPSS

0.00148

KEV

Нет

Деятельности

Очень низкий

Источники

Do you want to use VulDB in your project?

Use the official API to access entries easily!