Local Code Execution Vulnerability in Nozbe for macOS
CVE-2025-53813

4.8 MEDIUM

Key Information:

Vendor: Nozbe

Status
Vendor
CVE Published: 26 August 2025

What is CVE-2025-53813?

A vulnerability exists in Nozbe on macOS where the 'RunAsNode' fuse configuration permits a local attacker with unprivileged access to execute arbitrary code. This code execution takes place within the boundaries of Nozbe's Transparency, Consent, and Control (TCC) permissions, allowing access to any resources previously granted by the user. However, accessing additional resources requires user interaction through a system permission prompt. This issue was addressed in the 2025.11 release of Nozbe.

Affected Version(s)

Nozbe MacOS 0 < 2025.11

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek - AFINE Team