Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Protected Files
Action: Immediate Patch
AI Analysis

Impact

A permissions flaw in macOS allows a malicious application to read or write protected files, potentially compromising sensitive data and system integrity. The flaw was addressed by adding additional access restrictions, but the vulnerability remains until it is patched. The high CVSS score of 9.8 reflects the seriousness of the impact.

Affected Systems

Appleā€™s macOS is affected; versions prior to macOS Sequoia 15.4, macOS Sonoma 14.7.5 and macOS Ventura 13.7.5 lack the fix, and therefore remain vulnerable.

Risk and Exploitability

The CVSS rating indicates a critical risk, whereas the EPSS score of less than 1% suggests low current exploitation probability. The vulnerability can be exploited by any application that the user installs, implying a typical local attack vector. It is not listed in the CISA KEV catalog, so no known mass exploitation has been reported yet.

Generated by OpenCVE AI on April 28, 2026 at 02:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade your macOS installation to Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5 or later.
  • Ensure System Integrity Protection (SIP) is enabled on the system to prevent unauthorized file operations.
  • Configure Gatekeeper and regularly apply Apple Security Updates to block malicious applications.

Generated by OpenCVE AI on April 28, 2026 at 02:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8984 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.
History

Tue, 28 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title macOS Permissions Bypass Allowing Unauthorized File Access

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:10.831Z

Reserved: 2025-01-17T00:00:45.006Z

Link: CVE-2025-24233

cve-icon Vulnrichment

Updated: 2025-11-03T21:09:41.877Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:20.583

Modified: 2026-04-02T19:19:23.513

Link: CVE-2025-24233

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:00:10Z

Weaknesses