Description
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.
Published: 2025-07-29
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation – entitlement hijacking
Action: Patch
AI Analysis

Impact

An application can hijack entitlements that are normally reserved for other privileged applications, allowing it to gain elevated privileges without proper authorization. The weakness is rooted in inadequate data protection, which lets a malicious app intercept and misuse entitlement information. A successful compromise can lead to unauthorized access to system resources, potential data exposure, and interference with core system services. The identified weakness corresponds to CWE-266, which designates the failure as incorrect privilege management.

Affected Systems

Apple macOS versions prior to macOS Sequoia 15.6 and macOS Sonoma 14.7.7 are affected. Systems running earlier releases are vulnerable to entitlement hijacking until they receive the mentioned updates.

Risk and Exploitability

The vulnerability carries a CVSS score of 5.1 and an EPSS of less than 1%, indicating a low but non-zero exploitation probability. It is not listed in the CISA KEV catalog. The most likely attack vector is local execution: a malicious application installed or run on the machine can exploit the flaw. No evidence suggests remote exploitation, but the elevated privileges gained pose significant risk if a local attacker succeeds.

Generated by OpenCVE AI on April 28, 2026 at 10:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version Sequoia 15.6 or Sonoma 14.7.7 where the issue is fixed
  • Remove or quarantine any unauthorized privileged applications that might attempt entitlement hijacking
  • Enforce strict application permissions and monitor for unusual privilege escalation activities



Advisories
Source: EUVD
ID: EUVD-2025-23071
Title: This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.
History

Tue, 28 Apr 2026 11:15:00 +0000

Type: Title
Values Added: Privileged App Entitlement Hijacking in macOS

Mon, 03 Nov 2025 20:30:00 +0000


Fri, 01 Aug 2025 14:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 30 Jul 2025 16:15:00 +0000

Type: Weaknesses
Values Added: CWE-266

Type: Metrics
Values Added:
  cvssV3_1: {'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Jul 2025 11:15:00 +0000

Type: First Time appeared
Values Added: Apple, Apple macos, Apple macos Sequoia, Apple macos Sonoma

Type: Vendors & Products
Values Added: Apple, Apple macos, Apple macos Sequoia, Apple macos Sonoma

Tue, 29 Jul 2025 23:45:00 +0000

Type: Description
Values Added: This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to hijack entitlements granted to other privileged apps.
References

Subscriptions

Apple, Macos, Macos Sequoia, Macos Sonoma

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:47.177Z

Reserved: 2025-04-16T15:24:37.097Z

Link: CVE-2025-43260

Vulnrichment

Updated: 2025-11-03T20:03:27.811Z

NVD

Status : Modified

Published: 2025-07-30T00:15:37.587

Modified: 2025-11-03T20:18:58.370

Link: CVE-2025-43260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:00:14Z

Weaknesses