Arduino IDE Privilege Escalation Vulnerability in macOS

Vulnerability

A vulnerability in Arduino IDE for macOS, prior to version 2.3.7, allows local users to exploit world-writable file permissions on sensitive application components. Because any local account can write to these files, a legitimate component can be replaced with malicious code. When another user launches the application, the injected code executes with that user's privileges, potentially leading to unauthorized access to that user's data and privilege escalation.

Impact

Exploitation of this vulnerability allows for privilege escalation and unauthorized access to sensitive data on the affected user's account.

Remediation

Users are advised to update Arduino IDE to version 2.3.7 or later. The update is available on the official Arduino software release page.
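As an added example (not part of this advisory or of Arduino's own tooling), the following POSIX shell script audits an application bundle for the misconfiguration class described above, world-writable files or directories, and can strip the offending permission bit. The bundle path is an assumption; set APP_BUNDLE to match your installation.

```shell
#!/bin/sh
# Added example: audit an app bundle for world-writable entries.
# ASSUMPTION: the bundle lives at this path; override via the environment.
APP_BUNDLE="${APP_BUNDLE:-/Applications/Arduino IDE.app}"

# Print every regular file or directory under $1 whose mode grants write
# access to "other". Octal -perm -0002 works with both BSD (macOS) and GNU find.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Report findings. Returns 0 when the tree is clean, 1 when at least one
# world-writable entry exists (useful as a check in a baseline or CI job).
audit_bundle() {
    count=$(find_world_writable "$1" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "OK: no world-writable entries under $1"
        return 0
    fi
    echo "WARNING: $count world-writable entries under $1:"
    find_world_writable "$1"
    return 1
}

# Remediation helper: remove the "other" write bit from every affected entry.
# Ownership and the owner/group bits are left untouched; updating to a fixed
# release remains the actual fix, this only closes the permission gap.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Run the audit only if the bundle exists, so the script is safe to source.
if [ -d "$APP_BUNDLE" ]; then
    audit_bundle "$APP_BUNDLE" || true
fi
```

Run the audit before and after applying the update to confirm the shipped permissions are sane; a non-zero exit from audit_bundle means at least one component is still writable by every local account.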

Added: Dec 18, 2025, 5:10 PM
Updated: Dec 18, 2025, 5:10 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.0
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.