Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
Published: 2025-03-31
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Modification of Protected Files
Action: Patch ASAP
AI Analysis

Impact

A flaw in file system access controls allows an unprivileged application to write to protected parts of the file system. This violation of filesystem integrity can enable an attacker to alter or replace system files, potentially compromising the correctness and reliability of the operating system.

Affected Systems

The vulnerability affects Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Devices running versions prior to the patched releases—iOS 18.4, iPadOS 18.4 and 17.7.6, macOS Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5, tvOS 18.4, visionOS 2.4, and watchOS 11.4—are susceptible.

Risk and Exploitability

The CVSS score of 5.0 reflects a moderate severity assessment, and the EPSS score below 1% indicates a low likelihood of current exploitation. The vulnerability is not included in the CISA KEV catalog. Attackers would need local access to a malicious or compromised application; no remote exploitation path is described, so the threat primarily concerns users who install or run untrusted software on affected Apple platforms.

Generated by OpenCVE AI on April 28, 2026 at 18:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all Apple devices to the latest available OS version that includes the fix: iOS 18.4, iPadOS 18.4 or 17.7.6, macOS Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5, tvOS 18.4, visionOS 2.4, or watchOS 11.4.
  • Disallow third‑party applications from writing to system‑protected directories by enforcing the operating system’s integrity protection settings and, where possible, applying device‑management policies that restrict elevated file‑system access.
  • Maintain vigilance by monitoring system integrity and reviewing installed applications for unexpected privileges; avoid installing apps from unverified sources.

Generated by OpenCVE AI on April 28, 2026 at 18:57 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-8999
Title: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Title Unauthorized File System Modification via App on Apple Platforms
Weaknesses CWE-732

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
Values Added: The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.

Wed, 12 Nov 2025 00:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
Values Added: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
References

Thu, 06 Nov 2025 22:30:00 +0000


Thu, 06 Nov 2025 21:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
Values Added: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

Wed, 05 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
Values Added: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to modify protected parts of the file system.
References

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipad Os
Apple macos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipad Os
Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:56.850Z

Reserved: 2025-01-17T00:00:45.000Z

Link: CVE-2025-24203

Vulnrichment

Updated: 2025-11-03T21:07:41.395Z

NVD

Status: Modified

Published: 2025-03-31T23:15:18.383

Modified: 2026-04-02T19:19:18.197

Link: CVE-2025-24203

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:00:20Z

Weaknesses