Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Published: 2025-05-12
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Access to Sensitive User Data
Action: Apply Patch
AI Analysis

Impact

A logic flaw allows an application to read sensitive user data that it should not be able to access. This vulnerability can lead to a privacy breach where personal information is exposed. The weakness lies in improper authorization controls, classified as CWE‑285.

Affected Systems

Apple macOS, prior to Sequoia 15.5. The issue is fixed in macOS Sequoia 15.5 and later releases.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1 (High). EPSS is reported as less than 1%, suggesting a low probability of exploitation. It is not listed in the CISA KEV catalog. Likely attack vectors involve local installation of a malicious or compromised application that runs with the user’s privileges, allowing the attacker to read protected data.

Generated by OpenCVE AI on April 28, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.5 or later to receive the security fix.
  • If an upgrade is not immediately possible, restrict the problematic application’s permissions to prevent access to sensitive data.
  • Review installed applications for those that have excessive data access and remove or isolate any that are unnecessary.



Advisories
Source ID Title
EUVD EUVD-2025-14612 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title macOS Logic Error Grants App Access to Sensitive User Data

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 13 May 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:35.107Z

Reserved: 2025-03-27T16:13:58.328Z

Link: CVE-2025-31249

Vulnrichment

Updated: 2025-11-03T19:52:11.075Z

NVD

Status : Modified

Published: 2025-05-12T22:15:24.977

Modified: 2025-11-03T20:18:23.010

Link: CVE-2025-31249

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses