Description
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality breach via app access to user data
Action: Patch
AI Analysis

Impact

An access issue in macOS was mitigated by adding sandbox restrictions. The vulnerability allows an application to read user‑sensitive data that it should not see. The weakness corresponds to CWE‑200, Information Exposure, and could result in unintended data disclosure to a malicious or non‑privileged app.

Affected Systems

Apple macOS is affected. Versions prior to the fixes in macOS Sequoia 15.4 and macOS Sonoma 14.7.5 are vulnerable. All earlier releases in these macOS lines remain exposed until the listed patches are applied.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is not explicitly disclosed in the available data; it is inferred to be a local scenario in which a malicious or compromised application can access data because sandbox restrictions were insufficient.

Generated by OpenCVE AI on April 28, 2026 at 11:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.4 or later, or macOS Sonoma 14.7.5 or later, which include the new sandbox restrictions.
  • Temporarily restrict third‑party applications' sandbox permissions using launchd or System Preferences until the OS is updated.
  • After updating, audit application permissions and the sandbox profile to ensure no legacy apps have bypasses that can expose data.



Advisories
Source: EUVD
ID: EUVD-2025-8934
Title: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.

History

Tue, 28 Apr 2026 12:00:00 +0000

Type: Title
Values Added: App May Gain Unauthorized Access to User Sensitive Data in macOS

Mon, 03 Nov 2025 22:30:00 +0000


Fri, 04 Apr 2025 20:15:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple; Apple macos

Tue, 01 Apr 2025 05:15:00 +0000

Type: Weaknesses
Values Added: CWE-200

Type: Metrics
Values Added:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Added: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:45.881Z

Reserved: 2025-01-17T00:00:45.020Z

Link: CVE-2025-24280

Vulnrichment

Updated: 2025-11-03T21:12:31.852Z

NVD

Status: Modified

Published: 2025-03-31T23:15:24.383

Modified: 2025-11-03T22:18:39.743

Link: CVE-2025-24280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses