CVE-2025-1413
Dylib Hijacking in DaVinci Resolve
- Severity Score: 9.2 (CVSS v4)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: Track* (SSVC)
Descriptions
DaVinci Resolve on macOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. The incorrect permissions allow dylib hijacking. A guest account, other users, and applications can exploit this vulnerability for privilege escalation. This issue affects DaVinci Resolve on macOS in versions before 19.1.3.
Credits: Karol Mazurek with AFINE
SSVC
- Decision: Track*
* Organization's Worst-case Scenario
Timeline
- 2025-02-18 CVE Reserved
- 2025-02-28 CVE Published
- 2025-02-28 CVE Updated
CWE
- CWE-266: Incorrect Privilege Assignment
CAPEC
- CAPEC-233: Privilege Escalation
References (3)
URL | Tag | Source |
---|---|---|
https://apps.apple.com/pl/app/davinci-resolve/id571213070?mt=12 | Product | |
https://cert.pl/en/posts/2025/02/CVE-2025-1413 | Third Party Advisory | |
https://cert.pl/posts/2025/02/CVE-2025-1413 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Blackmagic Design Inc | DaVinci Resolve | < 19.1.3 | en | Affected |