CVE-2025-15523 TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app

MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the...

CVE-2025-14714

A flaw was found in LibreOffice. This vulnerability allows privilege escalation where an attacker's scripts run with the application's Transparency, Consent, and Control TCC privileges via direct execution of the bundled interpreter. Mitigation Mitigation for this issue is either not available or...

Libre Office TCC Bypass via Bundled Interpreter vulnerability (Dec 2025) - Mac OS X

Libre Office is prone to a tcc bypass via bundled interpreter vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

EUVD-2025-203361

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

CVE-2025-14714

CVE-2025-14714 affects LibreOffice on macOS (25.2.x) prior to 25.2.4. The root cause is an Authentication Bypass where the application bundles a Python interpreter that inherits the user’s TCC permissions; executing the bundled interpreter directly causes attacker scripts to run with the applicat...

LibreOffice 安全漏洞

LibreOffice is an open source office software suite from The Document Foundation. A security vulnerability exists in LibreOffice versions 25.2 up to and including 25.2.4, which stems from the application's bundled interpreter inheriting TCC permissions from the main application, potentially leadi...

CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app

MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application...