VYPR
Low severity3.2NVD Advisory· Published Nov 18, 2025· Updated Apr 15, 2026

CVE-2025-12792

CVE-2025-12792

Description

The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Canva/Canvainferred2 versions
    <1.117.1+ 1 more
    • (no CPE)range: <1.117.1
    • (no CPE)range: <1.117.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.

CVE-2025-12792 · Low · VYPR