CVE-2025-4081

Vulnerability

Analysis

CVE-2025-4081 identifies a security flaw in all versions of DaVinci Resolve on macOS, including the latest tested version 19.1.3. The root cause is the application's use of the entitlement com.apple.security.cs.disable-library-validation, which disables macOS's standard library validation. Combined with the absence of launch and library load constraints, this allows a local attacker with unprivileged access to replace a legitimate dynamic library (dylib) with a malicious one. The application then executes with the altered library, effectively bypassing Transparency, Consent, and Control (TCC) protections [1][2].

Exploitation

Exploitation requires local access to the system as an unprivileged user. The attacker substitutes a dylib that DaVinci Resolve loads at runtime. Because the entitlement disables library validation, the operating system does not verify the library's signature, allowing the malicious dylib to be loaded without triggering security warnings. The attack surface is limited to resources for which the user has previously granted permission to DaVinci Resolve via TCC prompts [2].

Impact

A successful attack grants the attacker access to the same TCC-protected resources that the user has already authorized for DaVinci Resolve, such as microphone, camera, or files. The attacker does not gain access to resources beyond those permissions without additional user interaction; accessing other resources requires a system prompt asking the user for permission. This limits the breach to previously authorized data and capabilities [2].

Mitigation

As of the publication date, no patch has been announced. Affected users should monitor vendor updates from Blackmagic Design. The advisory from CERT Polska recommends that users apply security updates as soon as they become available [2].