# Full Report
TCC bypass vulnerabilities have been found in the GIMP (CVE-2025-8672), Mosh-Pro (CVE-2025-53811), Cursor (CVE-2025-9190), MacVim (CVE-2025-8597), Nozbe (CVE-2025-53813) and Invoice Ninja (CVE-2025-8700) applications for macOS.
## Analysis Summary
This summary aggregates information regarding multiple Transparency, Consent, and Control (TCC) bypass vulnerabilities affecting several macOS applications. The common theme is that the applications improperly allow code execution paths that inherit the user's existing TCC permissions, bypassing the system's consent prompts.
## Vulnerability: TCC Bypass in Multiple macOS Applications
### CVE Details (Grouped by common vulnerability type)
| CVE ID | Affected Product | Vulnerability Type (CWE) | CVSS Score | Severity |
| :--- | :--- | :--- | :--- | :--- |
| CVE-2025-8672 | GIMP | CWE-276 (Incorrect Default Permissions) | N/A | N/A |
| CVE-2025-53811 | Mosh-Pro | CWE-276 (Incorrect Default Permissions) | N/A | N/A |
| CVE-2025-9190 | Cursor | CWE-276 (Incorrect Default Permissions) | N/A | N/A |
| CVE-2025-53813 | Nozbe | CWE-276 (Incorrect Default Permissions) | N/A | N/A |
| CVE-2025-8597 | MacVim | CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) | N/A | N/A |
| CVE-2025-8700 | Invoice Ninja | CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) | N/A | N/A |
*Note: CVSS scores were not provided in the source text.*
### Affected Systems
- **Products:** GIMP, Mosh-Pro, Cursor, MacVim, Nozbe, Invoice Ninja.
- **Versions:**
  - GIMP: All before 3.1.4.2 (macOS only)
  - Mosh-Pro: All through 1.3.2 (macOS only)
  - Cursor: All through 15.4.1 (macOS only)
  - MacVim: All before r181.2 (macOS only)
  - Nozbe: All before 2025.11 (macOS only)
  - Invoice Ninja: All before 5.0.175 (macOS only)
- **Configurations:** All vulnerabilities are specific to the **macOS** platform. Mosh-Pro and Nozbe issues require the 'RunAsNode' fuse to be enabled. MacVim and Invoice Ninja issues relate to the presence of the `com.apple.security.get-task-allow` entitlement.
### Vulnerability Description
These vulnerabilities stem from issues in how these applications handle security entitlements or process execution on macOS, leading to a bypass of the Transparency, Consent, and Control (TCC) framework.
**CWE-276 (GIMP, Mosh-Pro, Cursor, Nozbe):**
Application components (e.g., the Python interpreter bundled with GIMP, or code executed via the 'RunAsNode' fuse in Mosh-Pro/Nozbe) inherit the parent application's existing TCC permissions. This allows a local, unprivileged attacker to execute commands or scripts that gain access to user files within folders the user previously granted to the main application, without triggering new TCC prompts.
**CWE-497 (MacVim, Invoice Ninja):**
The presence of the `com.apple.security.get-task-allow` entitlement allows a local attacker (e.g., via a malicious application) to attach a debugger to the running process. This bypasses the signing checks enforced by the Hardened Runtime and the TCC restrictions, enabling the attacker to read or modify process memory or inject code while leveraging the application's existing TCC grants. The presence of this entitlement is deemed a vulnerability because it removes the authorization prompt normally required to debug another application.
### Exploitation
- **Status:** Not explicitly stated as exploited in the wild, but PoC is implied by the nature of the flaw (local privilege escalation via TCC bypass).
- **Complexity:** Likely **Low** to **Medium**, as it requires existing local user access to the machine.
- **Attack Vector:** **Local** (Requires an attacker to already have local user access).
### Impact
The impact is limited to resources to which the *vulnerable application* has already been granted access by the user.
- **Confidentiality:** High (Access to user files/data within TCC-granted scopes).
- **Integrity:** High (Ability to modify files/execute code within TCC-granted scopes).
- **Availability:** Low to Medium (Potential for disruption depending on the exploited process).
### Remediation
#### Patches
- **GIMP:** Update to version **3.1.4.2** or later.
- **Mosh-Pro:** Patch status is **unknown** (Vendor did not respond).
- **Cursor:** Update to version **15.4.1** or later.
- **MacVim:** Update to build **r181.2** or later.
- **Nozbe:** Update to version **2025.11** or later.
- **Invoice Ninja:** Update to version **5.0.175** or later.
#### Workarounds
- No specific workarounds were detailed in the source material; general mitigation involves restricting the permissions granted to the affected applications or updating immediately. For the CWE-497 issue, re-signing the application without the `com.apple.security.get-task-allow` entitlement would resolve the issue if a patched build is unavailable.
### Detection
- **Indicators of Compromise:** Look for attempts by these specific applications to access sensitive files or to execute unexpected scripts or commands *outside* of their expected operational scope, especially when launched by a standard user.
- **Detection methods and tools:** Monitor system calls and TCC events related to the affected applications for unauthorized access patterns (note that the bypass avoids the TCC prompt altogether, so a denied-prompt event is not a reliable signal).
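The two weak configurations named under Configurations (an enabled Electron 'RunAsNode' fuse, and a `com.apple.security.get-task-allow` entitlement) can be audited offline on a copied bundle. The following Python is an added example, not code from the report or from any of the affected projects; it assumes the Electron fuse wire layout documented by the @electron/fuses package (sentinel, version byte, length byte, one byte per fuse), and the entitlements plist and binary bytes it checks are constructed samples.

```python
"""Audit helpers for the two weak configurations this report describes."""
import plistlib
from typing import Optional

# Electron fuse wire layout (assumed from the @electron/fuses package):
# sentinel, one version byte ('1'), one length byte, then one byte per fuse
# ('0' disabled, '1' enabled, 'r' removed). RunAsNode is fuse index 0 in v1.
FUSE_SENTINEL = b"dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX"
FUSE_RUN_AS_NODE = 0
DEBUG_ENTITLEMENT = "com.apple.security.get-task-allow"


def has_get_task_allow(entitlements_xml: bytes) -> bool:
    """True if an entitlements plist (e.g. the XML that
    `codesign -d --entitlements - --xml <app>` prints) enables get-task-allow."""
    ents = plistlib.loads(entitlements_xml)
    return bool(ents.get(DEBUG_ENTITLEMENT, False))


def run_as_node_enabled(binary: bytes) -> Optional[bool]:
    """Inspect an Electron Framework binary for the RunAsNode fuse.
    Returns True/False for the fuse state, or None if no v1 fuse wire is found."""
    pos = binary.find(FUSE_SENTINEL)
    if pos < 0:
        return None
    wire = pos + len(FUSE_SENTINEL)
    if len(binary) < wire + 2 or binary[wire:wire + 1] != b"1":
        return None  # missing header or an unknown fuse wire version
    length = binary[wire + 1]
    fuses = binary[wire + 2:wire + 2 + length]
    if len(fuses) <= FUSE_RUN_AS_NODE:
        return None
    return fuses[FUSE_RUN_AS_NODE] == ord("1")


# Constructed samples (not taken from any of the affected applications).
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.cs.allow-jit</key><true/>
  <key>com.apple.security.get-task-allow</key><true/>
</dict></plist>"""
# Sentinel, version '1', length 8, RunAsNode enabled, remaining fuses disabled.
SAMPLE_ELECTRON_BINARY = b"\x00MACH" + FUSE_SENTINEL + b"1" + bytes([8]) + b"10000000" + b"\x00" * 16
SAMPLE_HARDENED_BINARY = b"\x00MACH" + FUSE_SENTINEL + b"1" + bytes([8]) + b"00000000"

if __name__ == "__main__":
    print("get-task-allow present:", has_get_task_allow(SAMPLE_ENTITLEMENTS))
    print("RunAsNode enabled:", run_as_node_enabled(SAMPLE_ELECTRON_BINARY))
```

On a real bundle, feed `has_get_task_allow` the entitlements XML exported by `codesign` and `run_as_node_enabled` the bytes of the app's Electron Framework binary.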
### References
- Vendor advisories: none provided in the source report.
- Relevant links (defanged):
  - Source: hxxps://cert.pl/en/news/2025/08/tcc-bypass-vulnerabilities-in-six-applications-for-macos
  - CVD process: hxxps://cert.pl/en/cvd/