Description
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
Published: 2025-01-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure of user‑sensitive data
Action: Patch Update
AI Analysis

Impact

The vulnerability arises from insufficient redaction of sensitive data in macOS, enabling an application to read information that should remain private. This flaw aligns with CWE‑922, describing information exposure through improper output handling. An exploited application could retrieve user‑specific sensitive data, thereby compromising confidentiality without granting direct code execution or system takeover.

Affected Systems

Apple’s macOS is affected, with the issue present in all versions before Sequoia 15.3. The fix is supplied in macOS Sequoia 15.3 and later, so any earlier Sequoia release or older macOS tier remains at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% signals a low chance of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring a malicious or compromised application with sufficient local privileges to read the exposed information. No remote exploit path is described in the provided data.

Generated by OpenCVE AI on April 28, 2026 at 03:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.3 or a later release that implements the improved redaction fix.
  • Install the latest updates for all third‑party applications, especially those handling user‑sensitive data, to eliminate similar redaction flaws.
  • Enable detailed system logging and monitor for unusual data access patterns that could indicate misuse of sensitive information.

Generated by OpenCVE AI on April 28, 2026 at 03:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3616 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
History

Tue, 28 Apr 2026 04:15:00 +0000

Type Values Removed Values Added
Title macOS Sequoia Improper Redaction Enables App Access to User‑Sensitive Data

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 24 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Wed, 29 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:17.206Z

Reserved: 2025-01-17T00:00:44.968Z

Link: CVE-2025-24101

cve-icon Vulnrichment

Updated: 2025-11-03T21:01:10.078Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T22:15:15.717

Modified: 2025-11-03T21:19:17.177

Link: CVE-2025-24101

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses