CVE-2025-65741

|
CVE-2025-65741 Sublime Text vulnerability Dylib Injection security critical severity CVE database MacOS security

Summary

CVE-2025-65741 is a critical severity vulnerability affecting Sublime Text 3 Build 3208 and prior on MacOS. This vulnerability allows for Dylib Injection, potentially leading to arbitrary code execution within the context of the Sublime Text application.

Successful exploitation could grant an attacker significant control over the affected system.

Technical Details

CVE-2025-65741 describes a Dylib Injection vulnerability in Sublime Text 3 on MacOS. The application, in versions up to and including Build 3208, lacks sufficient security measures to prevent the loading of arbitrary dynamic libraries (.dylib files). An attacker can exploit this by crafting a malicious .dylib file and placing it in a location where Sublime Text will load it upon startup or during normal operation. When Sublime Text loads the malicious library, the attacker's code is executed within the application's process, inheriting its privileges.

This vulnerability stems from the way Sublime Text handles library loading and its failure to adequately validate the integrity and origin of loaded libraries. The MacOS dynamic linker loads libraries based on paths specified in the application's executable or through environment variables. By manipulating these paths or leveraging weaknesses in the application's library loading process, an attacker can force Sublime Text to load their malicious library.

Affected Products and Versions

  • Sublime Text 3 Build 3208 and prior (MacOS)

Impact Assessment

Successful exploitation of CVE-2025-65741 can have severe consequences.

  • Arbitrary Code Execution: An attacker can execute arbitrary code within the context of the Sublime Text application.
  • Data Theft: The attacker can potentially access and steal sensitive data handled by Sublime Text, such as source code, configuration files, and API keys.
  • System Compromise: Depending on the privileges of the user running Sublime Text, the attacker may be able to escalate privileges and gain control over the entire system.
  • Malware Installation: The attacker can use the compromised Sublime Text instance to install malware or other malicious software on the system.

Remediation

Immediate Actions

  • Upgrade Sublime Text: Upgrade to the latest version of Sublime Text, which contains a fix for this vulnerability. Check the Sublime Text website for updates.
  • Verify Software Integrity: Ensure that your Sublime Text installation is from a trusted source and has not been tampered with.

Long-term Solutions

  • Implement Code Signing: Ensure all software is properly code signed to verify its authenticity and prevent tampering.
  • Strengthen Library Loading Security: Implement stricter security measures to prevent the loading of untrusted dynamic libraries.

References

Detection & Scanning

Detecting CVE-2025-65741 typically involves analyzing the Sublime Text installation for signs of tampering or the presence of unauthorized dynamic libraries. Security scanners can be configured to identify vulnerable versions of Sublime Text and to detect suspicious files in the application's directory.

Scan Your Website

Secably AI Scanner can detect this and 50+ other vulnerabilities automatically.

Start Free Scan

Scan Your Website for Vulnerabilities

Discover security issues before attackers do. Our AI-powered scanner checks for the vulnerabilities discussed in this guide and more.

Start Free Scan