Description
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The flaw involves inadequate access control checks that allow a malicious application to retrieve private data from an iPad or Mac. The weakness is classified as CWE-284, indicating that an attacker could read data that should be protected. The result is a disclosure of potentially sensitive information, affecting confidentiality but not necessarily integrity or availability.

Affected Systems

Apple products running iPadOS or macOS are impacted. Versions earlier than iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5 are vulnerable. The issue has been addressed in the listed security updates.

Risk and Exploitability

The CVSS score of 5.5 suggests moderate severity, while an EPSS score below 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector, inferred from the description, is likely local: an adversary would need to install a malicious application, either through the App Store or by sideloading, to trigger the flaw. No network‑level exploitation is noted.

Generated by OpenCVE AI on April 28, 2026 at 02:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest available iPadOS or macOS releases that include the fixes (17.7.6, Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5 or later).
  • If updating is not immediately possible, disable installation of untrusted applications or deploy supervision to restrict app privileges.
  • Monitor the device for the presence of unapproved or suspicious applications and review app permission settings regularly.



Advisories
Source | ID | Title
EUVD | EUVD-2025-8978 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.
History

Tue, 28 Apr 2026 02:45:00 +0000

Type | Values Removed | Values Added
Title | | Potential Private Information Disclosure in iPadOS and macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information. | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple ipados, Apple macos
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple, Apple ipados, Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-284
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}; ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type | Values Removed | Values Added
Description | | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:04.750Z

Reserved: 2025-01-17T00:00:45.002Z

Link: CVE-2025-24215

Vulnrichment

Updated: 2025-04-01T15:00:16.160Z

NVD

Status: Modified

Published: 2025-03-31T23:15:19.490

Modified: 2026-04-02T19:19:20.590

Link: CVE-2025-24215

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:30:18Z

Weaknesses