Home / Security updates / CVE-2025-12792
CVE-2025-12792
Security updates detail rendered from /security-updates/upd_0b5d9cfcfecce413.
Overview
| ID | upd_0b5d9cfcfecce413 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Canva |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_0b5d9cfcfecce413 |
| providerId | safebase |
| organizationId | org_fff8cc1b477b85f7 |
| trustCenterId | tc_8342c8033d0df9de |
| title | CVE-2025-12792 |
| message | # Security Bulletin **Published Date:** 13 November 2025 **CVE:** CVE-2025-12792 **Severity:** Low **CVSS:** 3.2 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N **Affected Products and Versions:** The Canva for Mac desktop app before version 1.117.1, released through the Mac App Store. The Canva for Mac desktop app distributed through [canva.com](http://canva.com/) is not affected. ## Details The Mac App Store distribution of the Canva for Mac desktop app was built without [Hardened Runtime](https://developer.apple.com/documentation/security/hardened-runtime). A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva. ## Remediation Advice Canva recommends users upgrade to the latest version of the Canva application via the Mac App Store. ## Acknowledgements This vulnerability was submitted to [Canva's Bug Bounty Program](https://www.canva.com/security/bug-bounty/) by |
| url | - |
| publishedAt | 2025-11-14 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_fff8cc1b477b85f7",
"name": "Canva",
"domains": [
"trust.canva.com",
"canva.com"
]
} |
| trust_center | {
"id": "tc_8342c8033d0df9de",
"name": "Canva",
"url": "https://trust.canva.com",
"host": "trust.canva.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_0b5d9cfcfecce413",
"company": "/v1/companies/org_fff8cc1b477b85f7",
"trust_center": "/v1/trust-centers/tc_8342c8033d0df9de",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_0b5d9cfcfecce413JSON