CVE-2025-4280
Severity: MEDIUM
Poedit 2.0-3.6.2 - Unauthenticated Local Privilege Escalation via Python Interpreter TCC Permission Inheritance
Title source: llmDescription
The macOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions the user has granted to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts and use the application's previously granted TCC permissions to read the user's files in privacy-protected folders without triggering a user prompt. Accessing resources beyond the already granted TCC permissions will prompt the user for approval in the name of Poedit, which can disguise the attacker's malicious intent. This issue has been fixed in Poedit 3.6.3.
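The following is an added inventory check for the bug class described above; it is not code from the Poedit project, from CERT Polska, or from the advisory. It walks an application bundle for embedded Python interpreter binaries (any such binary inside a TCC-approved bundle runs with the bundle's grants) and compares the bundle's version string against the first fixed release. The bundle layout, file names and sample version used in the demo are constructed for illustration and are not Poedit's real layout.

```python
"""Added example: local check for TCC-inheriting bundled interpreters.
Not from the Poedit project or the advisory; the demo bundle layout
below is constructed and does not mirror Poedit's real bundle."""
import os
import re
import plistlib
import tempfile
from pathlib import Path

# Affected range from the advisory text: 2.0 through 3.6.2, fixed in 3.6.3.
FIRST_AFFECTED = (2, 0)
FIRST_FIXED = (3, 6, 3)
# python, python3, python3.12 ... (assumed naming; adjust for other runtimes)
INTERP_RE = re.compile(r"^python(3(\.\d+)?)?$")


def parse_version(text):
    """Turn '3.6.2' into (3, 6, 2); a non-numeric tail ends the tuple."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(version_text):
    """True when FIRST_AFFECTED <= version < FIRST_FIXED."""
    v = parse_version(version_text)
    return bool(v) and FIRST_AFFECTED <= v < FIRST_FIXED


def find_bundled_interpreters(bundle):
    """Return bundle-relative paths of files named like a Python interpreter.
    Each hit is a binary that would inherit the bundle's TCC grants."""
    bundle = Path(bundle)
    hits = []
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            if INTERP_RE.match(name):
                hits.append(Path(root, name).relative_to(bundle).as_posix())
    return sorted(hits)


def bundle_version(bundle):
    """Read CFBundleShortVersionString from Contents/Info.plist."""
    with open(Path(bundle, "Contents", "Info.plist"), "rb") as fh:
        return plistlib.load(fh).get("CFBundleShortVersionString", "")


def assess_bundle(bundle):
    """Combine the version check and the interpreter scan into one verdict."""
    version = bundle_version(bundle)
    return {
        "version": version,
        "affected_version": is_affected(version),
        "interpreters": find_bundled_interpreters(bundle),
    }


def make_demo_bundle(version="3.6.2"):
    """Construct a throwaway .app skeleton (demo only, not Poedit's layout)."""
    root = Path(tempfile.mkdtemp()) / "Demo.app"
    fw_bin = root / "Contents" / "Frameworks" / "Python.framework" / "bin"
    (root / "Contents" / "MacOS").mkdir(parents=True)
    fw_bin.mkdir(parents=True)
    with open(root / "Contents" / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleShortVersionString": version}, fh)
    (root / "Contents" / "MacOS" / "Demo").touch()
    (fw_bin / "python3").touch()
    return str(root)


if __name__ == "__main__":
    print(assess_bundle(make_demo_bundle()))
```

On a real machine, point `assess_bundle` at `/Applications/Poedit.app` (or any other bundle): a bundle that is both in the affected range and ships an interpreter is the case the advisory describes. A bundle on a fixed version that still ships an interpreter is not necessarily vulnerable, since the fix may constrain how the interpreter can be invoked rather than remove it; the scan only tells you where to look.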
References (5)
third-party-advisory: https://cert.pl/posts/2025/05/CVE-2025-4280
third-party-advisory: https://cert.pl/en/posts/2025/05/CVE-2025-4280
product: https://poedit.net
product: https://github.com/vslavik/poedit
vendor advisory: https://github.com/vslavik/poedit/security/advisories/GHSA-8fcw-v6gr-hp34
Scores
CVSS v4: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)
EPSS: 0.0015 (percentile 4.3%)
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-276 (Incorrect Default Permissions)
Status: published
Products (1)
Poedit/Poedit: 2.0 through 3.6.2 (fixed in 3.6.3)
Published: May 22, 2025
Tracked Since: Feb 18, 2026