Description
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An attacker may gain access to protected parts of the file system.
Published: 2025-05-12
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized File System Access
Action: Apply Patch
AI Analysis

Impact

A logic flaw in macOS state management permits an attacker to gain access to protected parts of the file system, allowing the reading or modification of data that should be isolated from the attacker.

Affected Systems

Apple macOS releases older than Sequoia 15.5, Sonoma 14.7.6, and Ventura 13.7.6 are affected; those older versions are at risk until updated to the stated fixed releases.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, yet the EPSS score of <1% signals a low but non‑zero chance of exploitation. The vulnerability is not catalogued in CISA KEV and no public exploits have been reported. The attack vector is inferred to be local or remote, depending on how the logic flaw is triggered, but the CVE description does not specify the precise exploitation path.

Generated by OpenCVE AI on April 28, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.5 or later, Sonoma 14.7.6 or later, or Ventura 13.7.6 or later
  • Enable automatic software updates to receive security patches promptly
  • Monitor Apple support for new advisories or updated security guidance

Generated by OpenCVE AI on April 28, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14617 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control in macOS State Management Enables File System Access

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system. A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An attacker may gain access to protected parts of the file system.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 13 May 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:21:55.000Z

Reserved: 2025-03-27T16:13:58.327Z

Link: CVE-2025-31247

cve-icon Vulnrichment

Updated: 2025-11-03T19:52:09.731Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:24.887

Modified: 2026-04-02T19:19:54.623

Link: CVE-2025-31247

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T19:00:20Z

Weaknesses