Local Code Execution Vulnerability in GIMP for MacOS
CVE-2025-8672

4.8 MEDIUM

Key Information:

Vendor: Gimp
Status: Vendor
CVE Published: 11 August 2025

What is CVE-2025-8672?

The MacOS build of GIMP ships a Python interpreter inside the application bundle. When that interpreter is launched on its own, the Transparency, Consent, and Control (TCC) subsystem treats it as GIMP and applies whatever permissions the user previously granted to the main application. An attacker who already has local user access can therefore run arbitrary commands or scripts through the bundled interpreter and read files in privacy-protected locations covered by those grants without triggering a consent prompt. If the attacker's code touches a resource that exceeds the granted permissions, the resulting TCC prompt is attributed to GIMP rather than to the attacker's process, which helps disguise the malicious activity. The issue is fixed in GIMP 3.1.4.2.
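The pattern described above (an interpreter shipped inside an app bundle that inherits the bundle's TCC grants) is easy to audit for on any Mac. The script below is an added example written for this page; it is not code from GIMP, from the Afine advisory, or from Apple. It walks the .app bundles under a directory, lists executables whose names match common scripting interpreters (the name list is an assumption, not something the advisory specifies), and, where `codesign` is available, prints the signing identity of each hit so it can be compared with the bundle's main executable. Every hit is a candidate for the same abuse: anything the user has granted to the app can be exercised by running that helper directly.

```shell
#!/bin/sh
# Added audit helper for the CVE-2025-8672 pattern (not GIMP's or Afine's code).
# Assumptions: POSIX sh and find; codesign is only used when present (macOS).

# find_bundled_interpreters <bundle_dir>
# Prints every executable file under the bundle whose name looks like a
# scripting interpreter. The name list is an assumption: extend it as needed.
find_bundled_interpreters() {
    bundle="$1"
    [ -d "$bundle" ] || return 1
    find "$bundle" -type f -perm -u+x \
        \( -name python -o -name 'python[23]' -o -name 'python3.[0-9]*' \
           -o -name perl -o -name ruby -o -name node -o -name osascript \
           -o -name lua -o -name tclsh \) 2>/dev/null | sort -u
}

# count_bundled_interpreters <bundle_dir>
# Prints the number of hits (0 when the bundle is clean).
count_bundled_interpreters() {
    find_bundled_interpreters "$1" | grep -c . || true
}

# show_signing_identity <path>
# On macOS, prints the identifier/authority/team of the helper so it can be
# compared with the bundle's main executable; elsewhere it reports a skip.
show_signing_identity() {
    if command -v codesign >/dev/null 2>&1; then
        codesign -dv --verbose=2 "$1" 2>&1 \
            | grep -E '^(Identifier|Authority|TeamIdentifier)='
    else
        echo "   (codesign not available; signature check skipped)"
    fi
}

# audit_applications <dir>
# Walks every <dir>/*.app and reports bundles that carry an interpreter.
# Bundles without hits print nothing.
audit_applications() {
    for app in "$1"/*.app; do
        [ -d "$app" ] || continue
        hits=$(find_bundled_interpreters "$app")
        [ -n "$hits" ] || continue
        echo "== $app"
        echo "$hits" | while IFS= read -r bin; do
            echo "   $bin"
            show_signing_identity "$bin"
        done
    done
}

# Usage: sh audit_bundles.sh /Applications
if [ "$#" -gt 0 ]; then
    audit_applications "$1"
fi
```

A hit is not automatically a vulnerability: the interpreter must be runnable by a local user and the bundle must hold TCC grants worth stealing. To confirm the second part on a Mac, open System Settings > Privacy & Security and check which categories list the application, then compare the helper's signing identity with the main executable's; a helper that shares the bundle's identity is the case this advisory describes.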

Affected Version(s)

GIMP for MacOS, all versions before 3.1.4.2

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Mazurek (Afine Team)