CVE-2025-1413 HIGH

CVE-2025-1413: Dylib Hijacking in DaVinci Resolve

Vendor Blackmagic Design Inc
Product DaVinci Resolve
Weakness CWE-732
Published February 28, 2025
Last update October 3, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

DaVinci Resolve on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects DaVinci Resolve on MacOS in versions before 19.1.3.

Key dates

02Disclosure timeline

February 28, 2025 CVE published
October 3, 2025 Record updated