CRITICAL🇵🇱 Wersja polska

CVE-2025-65741

CVSS 9.8v3.1pub. 2025-12-09upd. 2026-01-02

Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application.

🤖 AI Analysis
How it works

The attack involves compiling a malicious dynamic library (.dylib) and placing it in a location searched by the application during dependency loading. Since Sublime Text 3 does not sufficiently verify library search paths, the malicious .dylib file is loaded and executed with the privileges of the application process. No user interaction is required beyond launching the vulnerable application.

Impact

An attacker can execute arbitrary code in the context of the Sublime Text process, which may lead to unauthorized access to user data, privilege escalation, or system compromise — in accordance with the CVSS vector indicating complete breach of confidentiality, integrity, and availability.

Mitigation & patch

Sublime Text should be updated to a version higher than Build 3208 or upgraded to Sublime Text 4. It is recommended to apply the principle of least privilege and restrict write permissions to directories searched by the application. Patches available from the vendor should be applied according to the references.

Who is affected

Sublime Text 3 Build 3208 and earlier on macOS.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sublimetext Sublime Text 3

    APP
    Sublimetext
    < 3.2.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-9116HIGH7.8ten sam produkt

DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Tro...

CVE-2017-8368HIGH7.8ten sam produkt

Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspeci...