ByteOS Network

NVD Vulnerability Details :

CVE-2025-1413

Awaiting Analysis

Source-cvd@cert.pl

Published At-28 Feb, 2025 | 09:15

Updated At-03 Oct, 2025 | 09:15

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects DaVinci Resolve on MacOS in versions before 19.1.3.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.4	HIGH	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 8.4

Base severity: HIGH

Vector:

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-732	Primary	cvd@cert.pl

CWE ID: CWE-732

Type: Primary

Source: cvd@cert.pl

References

Hyperlink	Source	Resource
https://apps.apple.com/pl/app/davinci-resolve/id571213070?mt=12	cvd@cert.pl	N/A
https://cert.pl/en/posts/2025/02/CVE-2025-1413/	cvd@cert.pl	N/A
https://cert.pl/posts/2025/02/CVE-2025-1413/	cvd@cert.pl	N/A