CVE-2025-24181 - Vulnerability Details

- Permissions Bypass Allowing Access to Protected User Data

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

Published: 2025-03-31

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability originates from a permissions oversight that allows applications to read or manipulate sensitive user information that should be protected. This flaw can enable an attacker to obtain confidential data, compromise user privacy, or perform further type of user‑level exploitation. Based on the description, the likely attack vector involves locally installed or malicious applications that exploit the permission gap to access protected files or system resources, though the exact method is not detailed in the advisory.

Affected Systems

Apple macOS. All macOS releases older than Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5 are vulnerable. The fix is applied in those patched versions.

Risk and Exploitability

The CVSS score of 9.8 highlights the severity of the issue, while the EPSS score of less than 1% indicates that automated exploitation is unlikely at this time. The vulnerability is not listed in the CISA KEV catalog, but it remains a high‑impact privacy concern. Attackers would need to deliver or run a malicious application on the target machine to take advantage of the permission lapse. The exploit requires local execution and no external network interaction is described in the available information.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 13.7.5
`0`	affected	< 14.7.5
`0`	affected	< 15.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade macOS to Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5 or later.
Remove or disable any untrusted or unknown applications that could exploit the permission flaw.
Enforce stricter app sandboxing and review permissions in System Settings to limit data access to authorized apps.

Generated by OpenCVE AI on April 28, 2026 at 03:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9000	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00659.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

History

Tue, 28 Apr 2026 03:30:00 +0000

Type	Values Removed	Values Added
Title		Permissions Bypass Allowing Access to Protected User Data

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/10 http://seclists.org/fulldisclosure/2025/Apr/8 http://seclists.org/fulldisclosure/2025/Apr/9

Mon, 07 Apr 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
References		https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122374 https://support.apple.com/en-us/122375

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:23:01.317Z

Updated: 2026-04-02T18:13:49.691Z

Reserved: 2025-01-17T00:00:44.993Z

Link: CVE-2025-24181

Vulnrichment

Updated: 2025-11-03T21:06:43.110Z

NVD

Status : Modified

Published: 2025-03-31T23:15:17.173

Modified: 2026-04-02T19:19:14.480

Link: CVE-2025-24181

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T03:15:05Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object