Description
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
Published: 2025-03-31
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

An improper handling of symbolic links in macOS allows a root‑privileged application to read private data that should otherwise be protected. The vulnerability is classified as CWE‑59, indicating a path traversal issue where the operating system does not properly validate link targets before allowing access.

Affected Systems

The issue affects Apple macOS prior to the release of macOS Sequoia 15.4. users running earlier macOS versions (e.g., Sequoia 15.3 or earlier) are susceptible until they update to the fixed version.

Risk and Exploitability

The CVSS score of 4.4 signals a moderate impact level, while the EPSS score of less than 1% reflects a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, and it requires that the attacker already has root privileges on the system. Consequently, the risk is primarily relevant in environments where malicious or compromised root‑level processes could leverage the flaw to read sensitive files.

Generated by OpenCVE AI on April 28, 2026 at 02:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version Sequoia 15.4 or later, where the symlink handling fix has been applied.
  • Verify that symbolic links now correctly enforce path restrictions by attempting to access a private file through a crafted symlink.
  • Review any custom root‑privileged applications to ensure they do not rely on bypassing the new symlink restrictions; apply vendor‑specific updates or reconfigure those applications if necessary.

Generated by OpenCVE AI on April 28, 2026 at 02:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8968 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
History

Tue, 28 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Symlink Handling Exploit Allowing Root Application to Access Private Information on macOS

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-59
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Tue, 01 Apr 2025 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app with root privileges may be able to access private information.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:14.441Z

Reserved: 2025-01-17T00:00:45.008Z

Link: CVE-2025-24242

cve-icon Vulnrichment

Updated: 2025-11-03T21:10:21.055Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:21.433

Modified: 2025-11-03T22:18:35.247

Link: CVE-2025-24242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:30:18Z

Weaknesses