Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Published: 2025-09-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized access to protected user data
Action: Update OS
AI Analysis

Impact

A permissions flaw in macOS allows applications to bypass normal access controls and read user‑protected data without proper authority. The weakness, classified as CWE‑284, compromises the confidentiality of sensitive local information even if the operating system otherwise remains secure. The vulnerability could lead to privacy breaches if an application gains inappropriate privilege or is malicious.

Affected Systems

The flaw impacts Apple macOS across multiple releases. Any version preceding macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26 is vulnerable. Devices running those operating systems, regardless of user role or location, may expose protected data to applications that exploit the permissions gap.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact, and the EPSS score (<1%) suggests the vulnerability is unlikely to be widely exploited at present. Based on the description, it is inferred that the attack vector is local or remote depending on an attacker’s ability to run or inject code into the target system. It is not listed in the CISA KEV catalog, so there is no known widespread exploitation. Nonetheless, administrators should promptly apply the available updates to mitigate potential data exposure.

Generated by OpenCVE AI on April 28, 2026 at 10:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the Apple‑OS updates that contain the permissions restriction fix in macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26 or later.
  • Enforce App Sandbox policies and restrict application permissions to the minimum required.
  • Audit the application inventory and revoke unnecessary elevated access for third‑party apps.


Advisories
Source: EUVD
ID: EUVD-2025-29325
Title: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
History

Tue, 28 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Title macOS Permission Misconfiguration Enabling Unauthorized Access to Protected User Data

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Values Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access protected user data.

Mon, 03 Nov 2025 19:30:00 +0000


Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:27.431Z

Reserved: 2025-03-27T16:13:58.341Z

Link: CVE-2025-31268

Vulnrichment

Updated: 2025-11-03T18:09:16.323Z

NVD

Status: Modified

Published: 2025-09-15T23:15:29.930

Modified: 2026-04-02T19:19:58.503

Link: CVE-2025-31268

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:00:14Z

Weaknesses