Description
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access to Sensitive User Data
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from an inadequate restriction of data container access, enabling an application to read data that should be isolated from other apps. Affected applications could read sensitive user information such as passwords, personal files, or secrets that reside in protected containers. This flaw is a confidentiality breach (CWE‑200). The high CVSS score of 9.8 reflects that the bug permits full disclosure of protected data without authentication requirements.

Affected Systems

The issue impacts Apple platforms that are not running the patched releases: iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, and watchOS 11.4. Devices with earlier OS versions may allow any installed app to access confidential data in the container directories.

Risk and Exploitability

With an EPSS score of less than 1 % the probability of exploitation is currently low, and the vulnerability is not listed in CISA KEV. Nevertheless, the critical CVSS score indicates that a successful exploitation would compromise confidentiality of user data. The likely attack vector is an application that is installed on the device—malicious or misconfigured—that gains read access to protected container data. Remediation requires vendors to deploy the corrected sandbox restrictions.

Generated by OpenCVE AI on April 28, 2026 at 02:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all devices to the patched releases: iOS 18.4 or newer, iPadOS 18.4 or newer, macOS Sequoia 15.4 or newer, macOS Sonoma 14.7.5 or newer, tvOS 18.4 or newer, and watchOS 11.4 or newer.
  • Avoid installing third‑party or unverified applications that request unnecessary access to personal data; install only from trusted sources such as the official App Store.
  • For managed deployments, enforce strict app permission policies and monitor for anomalous container access patterns to detect potential exploitation.

Generated by OpenCVE AI on April 28, 2026 at 02:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8886 The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Unrestricted Data Container Access Allowing App to Read Sensitive User Data

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
References

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:00.884Z

Reserved: 2025-03-27T16:13:58.311Z

Link: CVE-2025-31183

cve-icon Vulnrichment

Updated: 2025-04-01T13:49:49.721Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:28.740

Modified: 2026-04-02T19:19:43.170

Link: CVE-2025-31183

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:00:10Z

Weaknesses