Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.
Published: 2025-01-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Access
Action: Patch
AI Analysis

Impact

This flaw stems from improper state management in macOS that allows a malicious application to read any file on the system. The weakness matches CWE‑862, Failure to Check Permissions before Performing an Operation, enabling unauthorized data access. The CVE description does not reference integrity or denial‑of‑service impacts, so the effect is confined to the acquisition of sensitive information.

Affected Systems

Apple macOS is affected. The issue is fixed in macOS Sequoia 15.3, so all releases before 15.3 are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1 % signals a very low probability of active exploitation. The vulnerability is not listed in CISA’s KEV catalog. The reference to a “malicious app” suggests the attack vector is local or user‑initiated; an attacker would need to compile or distribute a compromised application that the user runs.

Generated by OpenCVE AI on April 28, 2026 at 12:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.3 or later to apply the state‑management fix
  • If a malicious application is identified, remove or quarantine it immediately to stop further file access
  • Keep Gatekeeper and sandboxing features enabled to limit execution of untrusted applications

Generated by OpenCVE AI on April 28, 2026 at 12:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3613 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.
History

Tue, 28 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
Title macOS Arbitrary File Access via Improper State Management

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Wed, 05 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Jan 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:11.307Z

Reserved: 2025-01-17T00:00:44.967Z

Link: CVE-2025-24096

cve-icon Vulnrichment

Updated: 2025-01-28T14:39:37.402Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T22:15:15.533

Modified: 2025-11-03T21:19:16.650

Link: CVE-2025-24096

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:15:30Z

Weaknesses