Description
The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update Xcode
AI Analysis

Impact

The vulnerability permits a malicious app to access private information, constituting an information disclosure flaw (CWE‑200).

Affected Systems

Apple Xcode installations older than version 16.3 are affected; the issue was fixed in Xcode 16.3 and later releases.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact while the EPSS score of less than 1 % suggests a low likelihood of exploitation in the wild. This flaw is not listed in the CISA KEV catalog. The probable attack vector is a local malicious application that can run on the host system.

Generated by OpenCVE AI on April 28, 2026 at 19:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Xcode 16.3 or a later version to receive the patch that addresses this vulnerability.
  • Remove any older Xcode installations that are known to be vulnerable on the affected machines.
  • Limit the execution of untrusted applications so that no malicious application can run with sufficient privileges to exploit this flaw.

Generated by OpenCVE AI on April 28, 2026 at 19:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8976 The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
History

Tue, 28 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Title Information Disclosure in Xcode via Malicious App

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple xcode
CPEs cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple xcode

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information.
References

Subscriptions

Apple Xcode
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:27.956Z

Reserved: 2025-01-17T00:00:45.005Z

Link: CVE-2025-24226

cve-icon Vulnrichment

Updated: 2025-11-03T21:09:10.790Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:19.990

Modified: 2025-11-03T21:19:36.077

Link: CVE-2025-24226

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses