Description
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to user-sensitive data
Action: Apply update
AI Analysis

Impact

The vulnerability is an authorization flaw that was mitigated by improving state management. An application may obtain access to user-sensitive data, enabling it to read or manipulate information it should not be able to. This weakness corresponds to CWE‑284, describing improper access control. The impact is the potential exposure of personal data, but it does not allow arbitrary code execution or system takeover, and the CVSS score reflects a moderate severity.

Affected Systems

Affected Apple products include iOS devices running iOS 18.4 or earlier, iPadOS devices running iPadOS 18.4 or iPadOS 17.7.6 or earlier, and macOS installations running macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 or earlier. Devices on earlier releases are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate risk. The EPSS score of less than 1% suggests that exploitation is unlikely, and there is no indication the vulnerability appears in CISA KEV catalog. The attack vector is not explicitly stated; based on the description it is inferred that the issue requires local device access or an existing app that can exploit the state‑management flaw to read privileged data. No public exploits are known and the vulnerability is unlikely to be widely abused.

Generated by OpenCVE AI on April 28, 2026 at 02:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade each device to the latest available OS version, which now includes the fix (iOS 18.4, iPadOS 18.4 or 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5).
  • Reboot the device after the update to ensure all components are refreshed.
  • If an immediate OS upgrade is not possible, disable or uninstall any applications that can request access to user‑sensitive data, or otherwise review and restrict the app’s permissions so that it cannot exploit the authorization flaw.

Generated by OpenCVE AI on April 28, 2026 at 02:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8997 An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
History

Tue, 28 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title Authorization flaw enabling unauthorized access to user sensitive data on Apple iOS, iPadOS, macOS systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos

Wed, 02 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Ipados Iphone Os Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:05.884Z

Reserved: 2025-01-17T00:00:45.000Z

Link: CVE-2025-24205

cve-icon Vulnrichment

Updated: 2025-11-03T21:07:49.667Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:18.580

Modified: 2026-04-02T19:19:18.560

Link: CVE-2025-24205

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:45:11Z

Weaknesses