Description
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sequoia 15.5, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Update
AI Analysis

Impact

A privacy flaw in Apple macOS allows an application to read or otherwise expose user‑sensitive information. The vulnerability stems from vulnerable code paths that were removed during remediation, but the damage is a privacy breach that can leak data the user expects to remain confidential. This represents an information exposure weakness, aligned with CWE‑200.

Affected Systems

Apple macOS is affected, specifically macOS Sequoia 15.4 and 15.5, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. The flaw can be triggered by any application that was able to use the vulnerable code in these releases.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Access to protected data appears to be possible via local application code; the attacker would need to run or install software that can exploit the available code paths, making the threat vector likely local or application‑based.

Generated by OpenCVE AI on April 28, 2026 at 03:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update that includes the security fix (macOS 14.7.5, 13.7.5, Sequoia 15.4, or 15.5).
  • Remove or disable third‑party applications known to access sensitive data through the vulnerable paths until the system is updated.
  • Configure security settings to restrict applications from accessing protected user data as an additional protective measure.

Generated by OpenCVE AI on April 28, 2026 at 03:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8915 A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
History

Tue, 28 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Title macOS Privacy Information Disclosure Vulnerability Allowing App Access to User‑Sensitive Data

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sequoia 15.5, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
References

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:12:29.863Z

Reserved: 2025-03-22T00:04:43.718Z

Link: CVE-2025-30443

cve-icon Vulnrichment

Updated: 2025-04-01T14:32:34.533Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:26.173

Modified: 2026-04-02T19:19:37.843

Link: CVE-2025-30443

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:15:05Z

Weaknesses