Description
A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.
Published: 2025-07-29
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Private Relay
Action: Update macOS
AI Analysis

Impact

A logic error in macOS lets iCloud Private Relay fail to activate when more than one user account is logged in concurrently. This flaw causes the protective privacy relay to remain inactive for all users, potentially allowing network traffic to bypass encryption or routing through standard internet paths. The vulnerability does not provide code execution or elevated privileges, but it undermines the privacy guarantees of iCloud Private Relay, representing a denial or degradation of the feature.

Affected Systems

Apple macOS (Sequoia) versions prior to 15.6 are affected. The issue surfaces on systems where multiple user sessions are active simultaneously, regardless of the individual user roles.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. The EPSS score is below 1%, suggesting a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Exploitation would likely require an environment where multiple users can log in, such as on a shared machine. An attacker could use this to prevent the activation of Private Relay, thereby stripping privacy protections during simultaneous logins, but cannot gain arbitrary code execution or system compromise.

Generated by OpenCVE AI on April 28, 2026 at 00:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.6 or newer
  • If an update is not immediately possible, avoid enabling Private Relay while more than one user is logged in or restrict multi‑user sessions on the device
  • Verify Private Relay status after login and enable it manually if it is disabled

Generated by OpenCVE AI on April 28, 2026 at 00:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-23069 A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.
History

Tue, 28 Apr 2026 01:00:00 +0000

Type Values Removed Values Added
Title Private Relay Non-Activation During Concurrent User Logins

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 06 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 Aug 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367

Fri, 01 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Fri, 01 Aug 2025 07:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Vendors & Products Apple
Apple macos
Apple macos Sequoia

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.
References

Subscriptions

Apple Macos Macos Sequoia
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:58.637Z

Reserved: 2025-04-16T15:24:37.101Z

Link: CVE-2025-43276

cve-icon Vulnrichment

Updated: 2025-11-03T20:03:58.681Z

cve-icon NVD

Status : Modified

Published: 2025-07-30T00:15:38.563

Modified: 2025-11-03T20:18:59.813

Link: CVE-2025-43276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:45:17Z

Weaknesses