Description
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
Published: 2025-09-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Disclosure via authorization bypass
Action: Patch
AI Analysis

Impact

A logic flaw in macOS permits an application to read user‑sensitive data that it should not be able to access; the weakness is categorized as CWE‑285 (authorization failure). The issue originates from insufficient checks in system logic and is mitigated only after an app triggers the vulnerable code. Apple stated that the flaw was fixed in macOS Sonoma 14.8, so earlier releases lack the necessary safeguards.

Affected Systems

All macOS devices running versions prior to macOS Sonoma 14.8 are affected. The vulnerability is present in any Apple macOS installation that has not yet applied the 14.8 security update, regardless of configuration or region.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. An EPSS score of less than 1% suggests a low likelihood that the flaw will be exploited in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to deliver a malicious or compromised application capable of exercising the logic flaw, making the primary attack vector an application‑level exploitation.

Generated by OpenCVE AI on April 28, 2026 at 00:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sonoma 14.8 or later, where the logic issue is corrected.
  • Revoke unnecessary application permissions in System Settings → Privacy & Security to limit data exposure.
  • Remove or block untrusted third‑party applications that could take advantage of the authorization flaw.

Generated by OpenCVE AI on April 28, 2026 at 00:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29305 A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
History

Tue, 28 Apr 2026 00:30:00 +0000

Type Values Removed Values Added
Title macOS Logic Flaw Enabling Unauthorized Access to Sensitive Data

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sonoma

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.
References

Subscriptions

Apple Macos Macos Sonoma
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:01.820Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43231

cve-icon Vulnrichment

Updated: 2025-11-03T18:09:47.184Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:30.913

Modified: 2025-11-03T19:15:54.777

Link: CVE-2025-43231

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:15:05Z

Weaknesses