Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
Published: 2025-05-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Breach of Sensitive User Data
Action: Apply Patch
AI Analysis

Impact

A permissions flaw, classified as CWE-284, allows an application to read sensitive user data that should be protected. The vulnerability is present in macOS Sequoia versions prior to 15.5 and can lead to unauthorized disclosure of personal information. The fixed version, Sequoia 15.5, adds restrictions to prevent this data leakage.

Affected Systems

All macOS Sequoia releases earlier than 15.5 are vulnerable. The issue affects all users running these versions, regardless of device model or configuration, because the flaw lies in the operating system's access-control enforcement.

Risk and Exploitability

The CVSS score of 5.5 corresponds to Medium severity. An EPSS below 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path involves a malicious or poorly configured local application that takes advantage of the overly permissive access controls, potentially exposing personal data without the user's knowledge. Because the flaw requires local access to the device, remote exploitation is not feasible.

Generated by OpenCVE AI on April 28, 2026 at 01:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.5 or later
  • Revoke the app’s permissions for accessing sensitive data through Settings > Privacy & Security
  • Restrict installation to trusted, notarized applications and avoid running potentially malicious software

Advisories
Source: EUVD
ID: EUVD-2025-14613
Title: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

History

Tue, 28 Apr 2026 02:00:00 +0000

Type: Title
Values Removed: (none)
Values Added: macOS Sequoia Permissions Issue Exposing Sensitive User Data

Mon, 03 Nov 2025 20:30:00 +0000

Type: References

Tue, 27 May 2025 20:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos

Wed, 14 May 2025 15:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Tue, 13 May 2025 20:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-284

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:00.232Z

Reserved: 2025-03-27T16:13:58.337Z

Link: CVE-2025-31260

Vulnrichment

Updated: 2025-11-03T19:52:37.098Z

NVD

Status: Modified

Published: 2025-05-12T22:15:25.743

Modified: 2025-11-03T20:18:24.167

Link: CVE-2025-31260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T01:45:18Z