Description
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure through Improper Data Protection
Action: Apply Update
AI Analysis

Impact

An application running on macOS may obtain access to sensitive user data owing to a flaw in the operating system’s data protection mechanisms. This vulnerability is identified as CWE‑200 and can lead to confidentiality loss for users, exposing information that should remain private.

Affected Systems

All users of macOS versions preceding Sequoia 15.4 are affected, regardless of the device or setup. Once the 15.4 update is installed, the issue is fixed. The flaw does not discriminate between particular builds or configurations; any installation that has not applied the specified patch remains vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% shows low likelihood of widespread exploitation at this time, and the vulnerability is not currently listed in CISA’s KEV catalog. The attack is likely local, requiring an application to read protected data; a malicious or compromised app could trigger the data exposure, but no network‑remote exploitation is indicated by the available information.

Generated by OpenCVE AI on April 28, 2026 at 11:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.4 or later to receive the data‑protection fix
  • Restrict application permissions and verify that third‑party apps do not access sensitive data unnecessarily
  • Use macOS privacy settings to limit data availability to trusted applications
  • Keep applications and macOS updated to ensure any residual or new mitigations are applied

Generated by OpenCVE AI on April 28, 2026 at 11:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8931 This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 12:00:00 +0000

Type Values Removed Values Added
Title macOS Sensitive Data Exposure through Improper Data Protection

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 05:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:16.326Z

Reserved: 2025-01-17T00:00:45.020Z

Link: CVE-2025-24281

cve-icon Vulnrichment

Updated: 2025-11-03T21:12:33.251Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:24.477

Modified: 2025-11-03T22:18:39.883

Link: CVE-2025-24281

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses