Bulletin ID: ASEC-25-004
Date: Dec 18, 2025
Product/Component: Arduino-IDE
Affected versions: <= 2.3.6
Fixed version: >= 2.3.7
Summary
A new version of the Arduino IDE is now available at the following link: Arduino IDE v2.3.7 Release.
This release includes the following updates:
- A dedicated security fix for the CVE-2025-64724 vulnerability, which affects all Arduino IDE versions before v2.3.7. Further details are available in the official security advisory at the following link: GHSA-3fvj-pgqw-fgw6.
- A dedicated security fix for the CVE-2025-64723 vulnerability, which affects all Arduino IDE versions before v2.3.7. Further details are available in the official security advisory at the following link: GHSA-vf5j-xhwq-8vqj.
Action Required
To ensure security and stability, users are advised to update Arduino-IDE to version v2.3.7 as soon as possible. This update automatically includes all patches described above.
Update Steps:
- Download the latest version from the official release page: https://www.arduino.cc/en/software
- Follow the installation instructions provided in the documentation.
- Verify that the update was successful.
Additional Information
For further details regarding the resolved vulnerabilities, refer to the following CVE reports:
For any questions or support, please refer to the Arduino-IDE GitHub repository or the official support channels.
Contact
If you encounter any issues or have questions regarding this security update, please contact our security team at security@arduino.cc.