CVE-2025-1413: Dylib Hijacking in DaVinci Resolve

9.2 CVSS

Description

DaVinci Resolve on macOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Because the bundle is world-writable, any local principal can replace a library the application loads, enabling dylib hijacking. The guest account, other users, and other applications can exploit this vulnerability for privilege escalation. This issue affects DaVinci Resolve on macOS in versions before 19.1.3.
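The defensive check that follows from this description is simply to look for world-writable entries inside an application bundle. The script below is an added example written for this page; it is not code from the advisory, from CERT.PL, or from Blackmagic Design. The default bundle path is an assumption based on the usual install location, and the `-perm -002` test is the POSIX way of asking `find` for "other-write bit set", which works with both the BSD `find` on macOS and GNU `find`.

```shell
#!/bin/sh
# Added example: audit an application bundle for world-writable entries,
# the misconfiguration described for CVE-2025-1413. Not vendor or advisory code.
# The default bundle path is an assumption (typical install location).
APP_BUNDLE="${APP_BUNDLE:-/Applications/DaVinci Resolve.app}"

# Print every file or directory under $1 whose "other" write bit is set,
# one path per line. Prints nothing when the tree is clean.
list_world_writable() {
    find "$1" -perm -002 -print 2>/dev/null
}

# Count the world-writable entries under $1 (macOS wc pads with spaces, so strip them).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Return 0 if the tree under $1 has no world-writable entries, 1 otherwise.
audit_bundle() {
    if [ -n "$(list_world_writable "$1")" ]; then
        return 1
    fi
    return 0
}

# When run directly against an installed bundle, report what was found.
if [ -d "$APP_BUNDLE" ]; then
    if audit_bundle "$APP_BUNDLE"; then
        echo "OK: no world-writable entries under $APP_BUNDLE"
    else
        echo "WARNING: $(count_world_writable "$APP_BUNDLE") world-writable entries under $APP_BUNDLE:"
        list_world_writable "$APP_BUNDLE"
    fi
fi
```

Run it as `APP_BUNDLE="/Applications/Some.app" sh audit.sh` to check any bundle; the expected healthy state is directories at 755 and files at 644 or 755, owned by root or the installing admin. A non-empty listing from `list_world_writable` on a bundle's `Contents/Frameworks` or `Contents/MacOS` directory is the condition to remediate, typically with `chmod -R o-w` on the bundle followed by a reinstall of the fixed version.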

Classification

CVE ID: CVE-2025-1413

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.2

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Problem Types

CWE-266 Incorrect Privilege Assignment

Affected Products

Vendor: Blackmagic Design Inc

Product: DaVinci Resolve

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.01% (estimated probability of exploitation activity in the wild)

EPSS Percentile: 0.48% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-29 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1413
https://cert.pl/en/posts/2025/02/CVE-2025-1413/
https://cert.pl/posts/2025/02/CVE-2025-1413/
https://apps.apple.com/pl/app/davinci-resolve/id571213070?mt=12

Timeline