CNNVD-202512-3437 Information
CNNVD ID
CNNVD-202512-3437
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Arduino IDE是Arduino开源的一个开发工具。 Arduino IDE 2.3.7之前版本存在安全漏洞,该漏洞源于文件权限配置不当,可能导致权限提升和敏感数据访问。
Description (English)
Arduino IDE is an open source development tool for Arduino. There was a security loophole in the previous version of Arduino IDE 2.3.7 resulting from the inappropriate configuration of document privileges, which could lead to enhanced privileges and sensitive data access.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Arduino
Published
2025-12-18
Last Modified
2026-02-24
References
https://github.com/arduino/arduino-ide/pull/2805/commits/5d282f38496e96dcba02818536c0835bd684ec98 https://github.com/arduino/arduino-ide/releases/tag/2.3.7 https://github.com/arduino/arduino-ide/security/advisories/GHSA-3fvj-pgqw-fgw6 https://support.arduino.cc/hc/en-us/articles/24329484618652-ASEC-25-004-Arduino-IDE-v2-3-7-Resolves-Multiple-Vulnerabilities
Patch
https://www.arduino.cc/en/software/
Share on: