Full Report
TCC Bypass vulnerability (CVE-2025-15523) has been found in Inkscape application for MacOS.
Analysis Summary
# Vulnerability: TCC Bypass in Inkscape for MacOS
## CVE Details
- CVE ID: CVE-2025-15523
- CVSS Score: *Score not provided in source* (Severity information, e.g., Critical, High, Medium, Low: *Not explicitly stated*)
- CWE: CWE-276 (Incorrect Default Permissions)
## Affected Systems
- Products: Inkscape application
- Versions: All versions prior to 1.4.3
- Configurations: MacOS operating system installations of Inkscape.
## Vulnerability Description
This vulnerability exists because the MacOS version of Inkscape bundles a Python interpreter which inherits the Transparency, Consent, and Control (TCC) permissions granted to the main Inkscape application bundle. An attacker with local user access can execute arbitrary commands or scripts via this interpreter, allowing them to access files in privacy-protected user folders (which normally require TCC consent) without triggering any new user prompts. Accessing resources outside of the existing TCC permissions will still result in prompts managed by Inkscape.
## Exploitation
- Status: *Not explicitly stated, assumed unpatched risk*
- Complexity: *Not explicitly stated, requires local user access*
- Attack Vector: Local
## Impact
- Confidentiality: Access to files in TCC-protected directories.
- Integrity: Execution of arbitrary commands alongside elevated TCC scopes.
- Availability: *Not explicitly stated*
## Remediation
### Patches
- Inkscape version 1.4.3 addresses this vulnerability.
### Workarounds
- No official workarounds were listed, but restricting local user access or monitoring abnormal Inkscape process behavior would be advisory.
## Detection
- Detection methods and tools: Monitoring for execution of arbitrary commands/scripts originating from the Inkscape application bundle or its associated Python interpreter when not performing standard user operations.
- Indicators of compromise: Unexpected file access attempts from the Inkscape process in TCC-protected directories.
## References
- Vendor advisories: Inkscape (Implicitly addressed in the 1.4.3 release notes)
- Relevant links - defanged: https://incydent.cert.pl/#!/lang=en, https://www.cve.org/CVERecord?id=CVE-2025-15523, https://cert.pl/en/cvd/