Low severity3.2NVD Advisory· Published Nov 18, 2025· Updated Apr 15, 2026

CVE-2025-12792

Description

The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

Affected products

Canva/Canvainferred
Range: <1.117.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

trust.canva.comnvd

News mentions

No linked articles in our index yet.

cvss	0.208
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000