CVE-2025-65741

CRITICAL

Sublime Text 3 <3208 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-65741. PoCs published by vinicius-batistella.

AI-analyzed exploit summary This PoC demonstrates a Dylib Injection vulnerability in Sublime Text 3 for macOS, allowing an attacker to execute arbitrary code by injecting a malicious dynamic library. The exploit leverages the DYLIB_INSERT_LIBRARIES environment variable to load an unsigned .dylib file, resulting in arbitrary command execution.

Description

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.

Exploits (1)

nomisec WORKING POC
by vinicius-batistella · poc
https://github.com/vinicius-batistella/CVE-2025-65741

This PoC demonstrates a Dylib Injection vulnerability in Sublime Text 3 for macOS, allowing an attacker to execute arbitrary code by injecting a malicious dynamic library. The exploit leverages the DYLIB_INSERT_LIBRARIES environment variable to load an unsigned .dylib file, resulting in arbitrary command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Sublime Text 3 Build 3208 or prior for macOS
No auth needed
Prerequisites: Access to the target macOS system · Ability to compile a malicious .dylib file · Sublime Text 3 Build 3208 or prior installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0044
EPSS Percentile 35.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-427
Status published
Products (1)
sublimetext/sublime_text_3 < 3.2.2
Published Dec 09, 2025
Tracked Since Feb 18, 2026