Security Advisory

CVE-2025-12792

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-18 00:18:00

Last updated 2025-11-18 16:35:38

Assigner Bugcrowd

State PUBLISHED

Description

The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

← Browse all CVEs View on cve.org ↗