Description
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
Published: 2025-09-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Disclosure
Action: Apply Update
AI Analysis

Impact

A race condition related to state handling was identified in macOS. The flaw allows an application to read sensitive user data that it should not be able to access. The vulnerability is classified as CWE‑362, indicating a competing resource usage issue that can result in data leakage. No evidence of remote execution or privilege escalation is provided, and the impact is limited to disclosure of user data rather than system compromise.

Affected Systems

The affected products are Apple macOS, specifically Sequoia 15.7, Sequoia 15.7.2, and Tahoe 26. No other Apple operating system versions are listed as vulnerable in the current advisory. Users running these releases should verify their version through System Settings or terminal.

Risk and Exploitability

The CVSS score of 5.5 places this issue in the medium severity range. The EPSS score of less than 1% indicates that the chance of exploitation in the wild is very low, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is inferred to be local execution, requiring the attacker to run or influence a privileged application on the target machine. If an attacker can trigger the race condition from a user‑level app, they could read confidential data, but no evidence suggests the flaw can be leveraged for further privilege escalation.

Generated by OpenCVE AI on April 27, 2026 at 23:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to version Sequoia 15.7, Sequoia 15.7.2, or Tahoe 26 or later.
  • # Ensure the operating system is updated automatically by enabling system‑wide updates in System Settings.
  • # If a patch is not yet available, disable or uninstall any applications that may trigger the race condition until an update is released.

Generated by OpenCVE AI on April 27, 2026 at 23:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29292 A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to access sensitive user data.
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2, macOS Tahoe 26. An app may be able to access sensitive user data.
References

Wed, 17 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2. An app may be able to access sensitive user data. A race condition was addressed with improved state handling. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to access sensitive user data. A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Tahoe

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos Macos Sequoia Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:07.456Z

Reserved: 2025-04-16T15:24:37.102Z

Link: CVE-2025-43292

cve-icon Vulnrichment

Updated: 2025-11-03T18:10:10.958Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:32.360

Modified: 2026-04-02T19:20:20.940

Link: CVE-2025-43292

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:00:18Z

Weaknesses