Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Published: 2025-09-15
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A permissions issue allows an application to access sensitive user data that should otherwise be restricted. The flaw arises from improper control of resource access, classified as CWE-284, and could expose confidential information to unauthorized applications.

Affected Systems

Apple macOS, specifically versions before macOS Tahoe 26. The vulnerability was addressed in macOS Tahoe 26 and later releases.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity impact, and the EPSS score of less than 1% suggests a very low chance of exploitation. The vulnerability was not identified in CISA’s KEV catalog. Based on the description, the likely attack vector is a local application running on the compromised machine that can elevate permissions to read protected data.

Generated by OpenCVE AI on April 27, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to macOS Tahoe 26 or newer to obtain the fixed permissions logic.
  • Revoke the application’s permissions to sensitive data via System Preferences > Security & Privacy > Permissions, limiting its access to only what is required.
  • Monitor system activity for unexpected app access and consider removing or disabling apps that are not essential.

Generated by OpenCVE AI on April 27, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29275 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Title App May Access Sensitive User Data Due to Permission Issue on macOS

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

 cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 17 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 16 Sep 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:06.303Z

Reserved: 2025-04-16T15:24:37.109Z

Link: CVE-2025-43328

cve-icon Vulnrichment

Updated: 2025-11-03T18:11:21.675Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:35.513

Modified: 2025-11-03T19:16:01.167

Link: CVE-2025-43328

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T00:00:18Z

Weaknesses