CVE-2025-15523 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-15523 Interim 1 1 2026-03-05T01:24:12Z current 2026-03-05T01:24:12Z 2026-03-05T01:24:12Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-15523 MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 SUSE Linux Enterprise Workstation Extension 15 SP7 inkscape inkscape-extensions-extra inkscape-extensions-fig inkscape-extensions-gimp inkscape-extensions-scribus inkscape-lang inkscape as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape-extensions-extra as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape-extensions-fig as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape-extensions-gimp as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape-extensions-scribus as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape-lang as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 inkscape as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 inkscape-extensions-extra as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 inkscape-extensions-fig as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 inkscape-extensions-gimp as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 inkscape-lang as a component of SUSE Linux Enterprise Workstation Extension 15 SP7 MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape. CVE-2025-15523 SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape-extensions-extra SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape-extensions-fig SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape-extensions-gimp SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape-extensions-scribus SUSE Linux Enterprise Module for Package Hub 15 SP7:inkscape-lang SUSE Linux Enterprise Workstation Extension 15 SP7:inkscape SUSE Linux Enterprise Workstation Extension 15 SP7:inkscape-extensions-extra SUSE Linux Enterprise Workstation Extension 15 SP7:inkscape-extensions-fig SUSE Linux Enterprise Workstation Extension 15 SP7:inkscape-extensions-gimp SUSE Linux Enterprise Workstation Extension 15 SP7:inkscape-lang moderate 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N