CVE-2025-12792 – “Canva for Mac Hardened Runtime Elevation of Privilege Vulnerability”

CVE ID : CVE-2025-12792

Published : Nov. 18, 2025, 12:18 a.m. | 47 minutes ago

Description : The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.

Severity: 3.2 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…