Description
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure via Pasteboard
Action: Patch Immediately
AI Analysis

Impact

A configuration issue in macOS allows a malicious or maliciously‑tricked application to trick a user into copying sensitive data to the system pasteboard, exposing that data to any application with pasteboard access. The weakness arises from insufficient access controls (CWE‑284) that permit an app to manipulate the clipboard without the user's explicit consent. This results in a confidentiality compromise where private information can be retrieved by other apps or the attacker.

Affected Systems

Apple macOS versions earlier than the fixed releases are affected: Sequoia before 15.4, Sonoma before 14.7.5, and Ventura before 13.7.5. Devices running these unpatched versions may be susceptible to the pasteboard manipulation flaw.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8, indicating critical severity, yet the EPSS score is less than 1 %, pointing to a low likelihood of widespread exploitation at present. The flaw is not listed in the CISA KEV catalog. Exploitation would require a malicious local application or social‑engineering effort to entice a user to paste sensitive data; no network‑based attack vector is described.

Generated by OpenCVE AI on April 28, 2026 at 03:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to the latest release (Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5) to apply the built‑in restriction fix.
  • Restrict or revoke pasteboard read/write permissions for untrusted applications, reducing the potential attack surface.
  • Monitor clipboard activity and disable unnecessary clipboard sharing between applications whenever possible.

Generated by OpenCVE AI on April 28, 2026 at 03:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8963 A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
History

Tue, 28 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Title Pasteboard Data Leakage Vulnerability

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard. A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Wed, 02 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 02 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:31.428Z

Reserved: 2025-01-17T00:00:45.008Z

Link: CVE-2025-24241

cve-icon Vulnrichment

Updated: 2025-11-03T21:10:18.935Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:21.337

Modified: 2026-04-02T19:19:25.187

Link: CVE-2025-24241

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:30:19Z

Weaknesses