Description
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious application may be able to leak sensitive user information.
Published: 2025-01-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

An improper state management flaw in macOS allows a malicious application to read sensitive user information that it should not be able to access. The weakness can expose personal data or credentials stored by the operating system, compromising the confidentiality of a user’s private data. The primary consequence is a breach of privacy and potential exposure of personal or organizational secrets.

Affected Systems

Apple’s macOS is affected; the vulnerability is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3. Consequently, all earlier releases—Sequoia 15.0‑15.2, Sonoma 14.0‑14.7.2, and Ventura 13.0‑13.7.2—remain vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk, and the EPSS score of less than 1% suggests a very low current likelihood of exploitation. The flaw is not listed in the CISA KEV catalog, implying no known active exploitation. Based on the description and the CVSS vector (AV:L), the attack vector is local: a malicious application must already be present or installed on the affected macOS system to trigger the state-management weakness. Precise exploitation conditions are not detailed, but the vulnerability is a local information-disclosure flaw capable of leaking confidential data.

Generated by OpenCVE AI on April 28, 2026 at 04:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.3 or later, macOS Sonoma 14.7.3 or later, or macOS Ventura 13.7.3 or later.
  • Enable Gatekeeper or equivalent code‑signing enforcement to block unsigned or untrusted applications from executing.
  • Configure system logging or monitoring utilities to alert on unusual local applications that attempt to access sensitive user data.

Advisories
Source: EUVD
ID: EUVD-2025-3646
Title: This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.
History

Tue, 28 Apr 2026 04:30:00 +0000

Type Values Removed Values Added
Title macOS Sensitive Information Leak via Improper State Management

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.
Values Added: This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A malicious application may be able to leak sensitive user information.

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 24 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Mon, 03 Mar 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}


Tue, 18 Feb 2025 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Tue, 28 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-922
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious application may be able to leak sensitive user information.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:18.473Z

Reserved: 2025-01-17T00:00:44.974Z

Link: CVE-2025-24138

Vulnrichment

Updated: 2025-11-03T21:03:36.631Z

NVD

Status: Modified

Published: 2025-01-27T22:15:18.530

Modified: 2026-04-02T19:19:05.883

Link: CVE-2025-24138

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:15:16Z

Weaknesses