CVE-2025-8672

EUVD-2025-24141
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent.

This issue has been fixed in 3.1.4.2 version of GIMP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
gimpgimp
3.0.2 ≤
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gimp
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/08/tcc-bypass/
https://gitlab.gnome.org/GNOME/gimp/-/issues/13848
https://gitlab.gnome.org/Infrastructure/gimp-macos-build
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/