Key vulnerability information

Vulnerability overview
CVE ID: CVE-2025-12792
Published: 2025-11-13
Severity: Low
CVSS score: 3.2 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Affected products and versions
Affected products and versions: Canva for Mac desktop app before version 1.117.1
Unaffected products and versions: The Canva for Mac desktop app distributed through canva.com

Vulnerability details
Description: The Mac App Store distribution of the Canva for Mac desktop app was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.
Remediation: Canva recommends that users upgrade to the latest version of the Canva application via the Mac App Store.

Additional information
Acknowledgement: This vulnerability was submitted to Canva's Bug Bounty Program by p1ts1.
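
An added example, not part of Canva's advisory: a shell check that reads `codesign -dv --verbose=4` output and reports whether the Hardened Runtime flag (0x10000, displayed as `runtime`) is set in an app's code signature. The sample outputs, the Example.app identifiers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `codesign -dv` output by the Hardened Runtime bit.

CS_RUNTIME=65536  # 0x10000, the Hardened Runtime code-signing flag

# Reads codesign display output on stdin.
# Prints one of: hardened, not-hardened, unknown (no CodeDirectory flags found).
runtime_state() {
    # The CodeDirectory line carries "flags=0x<hex>(<names>)".
    flags=$(sed -n 's/^CodeDirectory .* flags=\(0x[0-9A-Fa-f]*\).*/\1/p' | head -n 1)
    if [ -z "$flags" ]; then
        echo unknown
    elif [ $(( $flags & CS_RUNTIME )) -ne 0 ]; then
        echo hardened
    else
        echo not-hardened
    fi
}

# On macOS: check_app /Applications/Some.app
# codesign writes its display output to stderr, hence 2>&1.
check_app() {
    codesign -dv --verbose=4 "$1" 2>&1 | runtime_state
}

# Constructed sample outputs (not captured from any real application).
SAMPLE_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded'

SAMPLE_PLAIN='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x0(none) hashes=30+7 location=embedded'

printf 'hardened sample: %s\n' "$(printf '%s\n' "$SAMPLE_HARDENED" | runtime_state)"
printf 'plain sample:    %s\n' "$(printf '%s\n' "$SAMPLE_PLAIN" | runtime_state)"
```

A `not-hardened` result for an installed app corresponds to the build condition the advisory describes; the same check can be run across `/Applications` to inventory other apps signed without the flag.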