Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.
Published: 2025-01-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

An application may modify protected areas of the filesystem, enabling unauthorized changes to critical system files. This flaw allows the attacker to raise the effective privileges of the application, potentially compromising system integrity and leading to further escalation.

Affected Systems

Apple macOS is affected on releases prior to macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3. Those versions lack the improved checks that prevent modifications of protected filesystem components.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity, while the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local: an application running with user privileges can exploit the flaw to alter protected filesystem parts. If an attacker can execute code with elevated privileges, the impact would be widespread due to the ability to modify protected system files.

Generated by OpenCVE AI on April 28, 2026 at 03:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.3 or later, macOS Sonoma 14.7.3 or later, or macOS Ventura 13.7.3 or later to obtain the fix announced by Apple.
  • Disable or remove any third‑party applications that attempted to modify protected filesystem areas and audit for unintended changes.
  • Ensure System Integrity Protection is enabled and applications run with the least privileges necessary.

Generated by OpenCVE AI on April 28, 2026 at 03:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3640 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
History

Tue, 28 Apr 2026 04:15:00 +0000

Type Values Removed Values Added
Title Privilege Escalation by Modifying Protected Filesystem Components
Weaknesses CWE-269

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system. The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 18 Mar 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 18 Mar 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 18 Feb 2025 19:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to modify protected parts of the file system.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:27:15.056Z

Reserved: 2025-01-17T00:00:44.973Z

Link: CVE-2025-24130

cve-icon Vulnrichment

Updated: 2025-11-03T21:03:11.798Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T22:15:17.977

Modified: 2026-04-02T19:19:04.623

Link: CVE-2025-24130

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses