To all security researchers and software developers: please read carefully and share widely. CVE-2025-1413 is a critical, high-risk vulnerability in DaVinci Resolve (the well-known video editing software) on macOS. DaVinci Resolve was found to have incorrect file permissions (rwxrwxrwx), which are inconsistent with standard macOS security practice, where application permissions should be drwxr-xr-x. This vulnerability can be exploited for dylib hijacking, giving guest accounts, other users, and applications an opportunity for privilege escalation.

Impact: Local privilege escalation

Affected versions: DaVinci Resolve on macOS, versions before 19.1.3

Background

On macOS, the recommended file permissions for applications are "drwxr-xr-x," which translates to read, write, and execute permissions for the owner, and read and execute permissions for the group and others. These permissions ensure that only the owner can modify the application files, and unauthorized users have limited access.

Vulnerability Description

During security research and analysis, we discovered that DaVinci Resolve on macOS had incorrect file permissions (rwxrwxrwx) in place, which translates to read, write, and execute permissions for the owner, group, and others. This makes it possible for unauthorized users and applications to alter application files and carry out dynamic library (dylib) hijacking attacks, where a malicious dylib is loaded in place of the legitimate one in the application.

An attacker with access to the operating system (e.g., a guest user or malware) can take advantage of this vulnerability to achieve privilege escalation by injecting arbitrary code into the application to gain control. This potentially puts users at risk of further attacks and exfiltration of sensitive information.

Proof of Concept

To demonstrate the incorrect file permissions in DaVinci Resolve, simply run the following command in the macOS terminal:

ls -la /Applications/DaVinci\ Resolve/DaVinci\ Resolve.app

The "." entry in the output shows the current permissions of the application bundle itself, which should appear like this for the vulnerable version:

rwxrwxrwx

Original References

The original report for this vulnerability can be found on the CVE website.

Additional information related to the issue can be found in the National Vulnerability Database (NVD) entry.

Mitigation and Recommendations

To mitigate this vulnerability, users are advised to update DaVinci Resolve to version 19.1.3 or later. The developers have addressed the issue by implementing correct file permissions on macOS.

In the event that upgrading is not possible, users can manually set file permissions to the recommended drwxr-xr-x by running the following command in the macOS terminal:

sudo chmod 755 /Applications/DaVinci\ Resolve/DaVinci\ Resolve.app
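
An added example, not part of the original advisory or the vendor's fix: chmod without -R changes only the mode of the bundle directory itself, so this script walks the whole bundle and reports every entry that group or other users can still write to. The function names and the script name audit_bundle.sh are this example's own.

```shell
#!/bin/sh
# Added example: audit a macOS app bundle for group- or world-writable entries.
# Usage: sh audit_bundle.sh "/Applications/DaVinci Resolve/DaVinci Resolve.app"

# Print every file or directory under $1 that is group- or world-writable.
# Symlinks are skipped: their own mode bits do not control access to the target.
list_writable() {
    find "$1" ! -type l \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null
}

# Return 0 if the bundle is clean, 1 if anything is writable by group/others,
# 2 if the path is not a directory.
audit_bundle() {
    bundle=$1
    [ -d "$bundle" ] || { echo "not a directory: $bundle" >&2; return 2; }
    findings=$(list_writable "$bundle")
    if [ -z "$findings" ]; then
        echo "OK: no group- or world-writable entries in $bundle"
        return 0
    fi
    echo "$findings" | while IFS= read -r path; do
        if [ -d "$path" ]; then
            # A writable directory lets another user add or replace files in it.
            echo "WRITABLE DIR:   $path"
        else
            case "$path" in
                # Dylibs and the binaries under Contents/MacOS are loaded as code.
                *.dylib|*/MacOS/*) echo "WRITABLE CODE:  $path" ;;
                *)                 echo "WRITABLE FILE:  $path" ;;
            esac
        fi
    done
    return 1
}

# Run the audit only when a bundle path is given on the command line.
if [ "$#" -gt 0 ]; then audit_bundle "$1"; fi
```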

Lastly, users are also encouraged to ensure that their system and applications are always up-to-date with the latest patches and security updates to prevent further vulnerabilities and risks.

Timeline

Published on: 02/28/2025 09:15:11 UTC
Last modified on: 03/26/2025 16:15:20 UTC