Description
An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Protected Data
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an access issue that allows an application to read protected user data from the system pasteboard, representing an instance of unauthorized access (CWE‑862). The description indicates that insufficient sandbox restrictions on the pasteboard can expose protected information; it is inferred that an attacker would need a local or sandboxed application to exploit this capability.

Affected Systems

Apple macOS is affected; any build preceding Sequoia 15.4 contains the flaw, while Sequoia 15.4 and later include the sandbox fix.

Risk and Exploitability

The CVSS score of 9.8 flags a critical threat. The EPSS score of less than 1 % implies that exploitation is currently unlikely to be widespread. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is local, involving a sandboxed or ordinary application that can read the pasteboard. The published fix in Sequoia 15.4 restores proper sandbox restrictions to prevent such unauthorized reads.

Generated by OpenCVE AI on April 28, 2026 at 19:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS Sequoia 15.4 or newer that includes the sandbox restriction fix
  • Limit pasteboard access for applications by adjusting system privacy settings to restrict untrusted apps
  • Keep the system updated by monitoring Apple security advisories for further fixes or advisories

Generated by OpenCVE AI on April 28, 2026 at 19:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8902 An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
History

Tue, 28 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Title macOS System Pasteboard Access Issue Enabling Unauthorized Data Read

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:15.172Z

Reserved: 2025-03-22T00:04:43.721Z

Link: CVE-2025-30461

cve-icon Vulnrichment

Updated: 2025-04-01T20:42:02.759Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:27.493

Modified: 2025-11-03T22:18:48.270

Link: CVE-2025-30461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses