Arduino Ide
cpe:2.3:a:arduino:arduino-ide:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Arduino (a6c9e11a-439e-5c89-be14-a8208b9cb88c) |
|---|---|
| Product | Arduino Ide (c2c295e4-bc03-576a-b073-64226bf2ab2e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2025-64724 | vulnerable | 2026-06-08 07:39:20.201004 | Arduino IDE for macOS has Insecure File Permissions<br>Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release.<br>Published: 2025-12-18T15:18:39.642Z<br>Updated: 2025-12-18T19:06:40.437Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-64723 | vulnerable | 2026-06-08 07:39:20.199770 | Arduino IDE for macOS has TCC Bypass via Dynamic Library Injection<br>Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7` release.<br>Published: 2025-12-18T15:15:15.883Z<br>Updated: 2026-01-14T16:41:03.867Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-27608 | vulnerable | 2026-06-08 07:14:55.368282 | Self Cross-Site Scripting in Arduino IDE<br>Arduino IDE 2.x is an IDE based on the Theia IDE framework and built with Electron. A Self Cross-Site Scripting (XSS) vulnerability has been identified within the Arduino-IDE prior to version v2.3.5. The vulnerability occurs in the Additional Board Manager URLs field, which can be found in the Preferences -> Settings section of the Arduino IDE interface. In the vulnerable versions, any values entered in this field are directly displayed to the user through a notification tooltip object, without a proper output encoding routine, due to the underlying ElectronJS engine interpretation. This vulnerability exposes the input parameter to Self-XSS attacks, which may lead to security risks depending on where the malicious payload is injected. This vulnerability is fixed in 2.3.5.<br>Published: 2025-04-02T21:09:16.943Z<br>Updated: 2025-04-03T14:01:53.189Z | Imported from gcve-enriched-dumps CVE data |