Description
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Sandbox Bypass
Action: Immediate Patch
AI Analysis

Impact

A flaw in macOS’s library injection mechanism allows an application to load arbitrary code that can in turn bypass the restrictions of the App Sandbox. The affected code path can lead to execution of malicious payloads with the privileges of the sandboxed application, potentially escalating privileges or compromising the system. The weakness is classified as Improper Access Control and carries a CVSS score of 9.8, indicating an extremely high severity.

Affected Systems

Apple macOS operating systems prior to the release of Sequoia 15.4, Sonoma 14.7.5 and Ventura 13.7.5 are impacted. Any macOS version that does not include the patch release is potentially vulnerable.

Risk and Exploitability

The EPSS score of less than 1% suggests that exploitation is rare, but the CVSS score indicates that once exploited, the damage can be severe. The flaw is not listed in the CISA KEV catalog. The likely attack vector involves launching an application that declares sandbox usage yet can inject libraries; the attacker would need local system access or a malicious app that can be installed on the target machine.

Generated by OpenCVE AI on April 28, 2026 at 11:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to at least Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5 to receive the library injection fix.
  • Disable or remove any third‑party applications that may use custom libraries or have been reported to bypass the App Sandbox.
  • Ensure System Integrity Protection is enabled and that only signed, approved system extensions are allowed to load libraries.

Generated by OpenCVE AI on April 28, 2026 at 11:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8899 A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
History

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title macOS Library Injection Flaw Allows App Sandbox Bypass

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions. A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Apps that appear to use App Sandbox may be able to launch without restrictions.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:16.291Z

Reserved: 2025-03-22T00:04:43.722Z

Link: CVE-2025-30462

cve-icon Vulnrichment

Updated: 2025-04-01T14:10:27.082Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:27.583

Modified: 2026-04-02T19:19:41.140

Link: CVE-2025-30462

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses