Description
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Published: 2025-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via Sandbox Escape
Action: Patch ASAP
AI Analysis

Impact

The vulnerability is a file quarantine bypass that allows an application to escape its macOS sandbox. By exploiting missing validation checks, a malicious app could execute code outside the sandbox boundaries, potentially accessing or modifying system files, escalating privileges, and compromising the integrity of the operating system. This flaw is categorized as CWE‑693, emphasizing the failure to enforce required security controls.

Affected Systems

Apple macOS versions before Sequoia 15.5 are vulnerable. The fix is delivered in macOS Sequoia 15.5, so any device running an earlier release of macOS Sequoia or prior macOS iterations remains at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog, reflecting its relatively low exploitation probability. An attacker would typically need to supply a malicious application that leverages the quarantine bypass to break out of the sandbox, indicating a local or application-based attack vector.

Generated by OpenCVE AI on April 28, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.5 or later to apply the quarantine bypass fix.
  • Verify that System Integrity Protection and the quarantine mechanism are enabled to prevent future bypass attempts.
  • Limit the installation of third-party applications and review App Store permissions to reduce sandbox escape opportunities.

Advisories
Source: EUVD
ID: EUVD-2025-14640
Title: A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

History

Tue, 28 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title File Quarantine Bypass Allowing Sandbox Escape in macOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 13 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:00.336Z

Reserved: 2025-03-27T16:13:58.326Z

Link: CVE-2025-31244

Vulnrichment

Updated: 2025-11-03T19:51:52.859Z

NVD

Status: Modified

Published: 2025-05-12T22:15:24.633

Modified: 2025-11-03T20:18:22.423

Link: CVE-2025-31244

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses