Library Validation Bypass in DaVinci Resolve by Blackmagic Design
CVE-2025-4081

4.8 MEDIUM

Key Information:

Vendor
CVE Published: 29 May 2025

What is CVE-2025-4081?

A vulnerability in DaVinci Resolve for macOS allows local attackers to exploit the application's use of the entitlement 'com.apple.security.cs.disable-library-validation'. Because the application has no launch or library load constraints, an attacker can substitute a legitimate dynamic library (dylib) with their own and then execute the application while bypassing Transparency, Consent, and Control (TCC) mechanisms. The attacker's access is limited to the resources the user has previously granted permission for. Reaching any additional resources requires user interaction, because the user must respond to system permission prompts.
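A defender-side check for the entitlement described above, added here as an example and not part of the CVE record or any vendor tooling: it parses entitlements as dumped by 'codesign -d --entitlements -' and reports hardened-runtime exceptions that permit loading foreign dylibs. It goes beyond the record by also covering 'com.apple.security.cs.allow-dyld-environment-variables'; the sample plist is constructed and the function names are hypothetical.

```python
import plistlib
import struct

# Header magic of the embedded-entitlements blob (magic + big-endian length)
# that older codesign versions emit in front of the XML plist.
ENTITLEMENTS_BLOB_MAGIC = 0xFADE7171

# Hardened-runtime exceptions that allow foreign code to be loaded.
RISKY = {
    "com.apple.security.cs.disable-library-validation":
        "loads dylibs not signed by Apple or the app's Team ID",
    "com.apple.security.cs.allow-dyld-environment-variables":
        "honours DYLD_* variables such as DYLD_INSERT_LIBRARIES",
}

# Constructed sample; only the first key comes from the CVE record.
SAMPLE_ENTITLEMENTS = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
    "com.apple.security.device.camera": True,
})

def parse_entitlements(raw: bytes) -> dict:
    """Return the entitlements dict from codesign output (blob-wrapped or bare)."""
    if len(raw) >= 8:
        magic, length = struct.unpack(">II", raw[:8])
        if magic == ENTITLEMENTS_BLOB_MAGIC:
            raw = raw[8:length]  # length field includes the 8-byte header
    raw = raw.lstrip()  # plistlib rejects XML preceded by whitespace
    if not raw:
        return {}  # binary carries no entitlements
    data = plistlib.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("entitlements plist is not a dictionary")
    return data

def audit(raw: bytes) -> list:
    """List (entitlement, reason) pairs that are granted with a boolean true."""
    ents = parse_entitlements(raw)
    # A key present but set to false does not grant the exception.
    return [(key, why) for key, why in RISKY.items() if ents.get(key) is True]

if __name__ == "__main__":
    for key, why in audit(SAMPLE_ENTITLEMENTS):
        print(f"FLAG {key}: {why}")
```

A flagged application is a candidate for review of the directories it loads dylibs from, since any of them writable by a non-admin user makes the substitution described in the record possible.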

Affected Version(s)

DaVinci Resolve MacOS 0

References

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek with AFINE.