Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.
Published: 2025-12-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Update
AI Analysis

Impact

A permissions flaw allows a standard user to view files created from a disk image that belongs to an administrator. The issue is due to insufficient restriction of read access to those files, leading to disclosure of potentially sensitive data. The weakness corresponds to improper permission controls, represented by CWE-732.

Affected Systems

Apple macOS is affected. Systems running macOS Tahoe before version 26.1 contain the vulnerability. Updating to macOS Tahoe 26.1 or later resolves the issue by adding the necessary restrictions.

Risk and Exploitability

The CVSS score of 5.5 reflects a moderate impact. The EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local, with a standard user leveraging a mounted disk image to gain unauthorized read access to administrator files. In the absence of additional mitigations, the vulnerability could result in information disclosure but not more severe damage such as elevation of privilege or code execution.

Generated by OpenCVE AI on April 27, 2026 at 22:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to version 26.1 or later to apply the permission fix.
  • Limit disk image mount permissions: ensure that only administrator accounts can mount or access disk images belonging to admin users.
  • Modify system settings or use a local policy to prevent standard users from automatically mounting disk images as a temporary workaround.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:00:00 +0000

Type | Values Removed | Values Added
Title | | Permissions Issue Allows Standard Users to Read Administrator Disk Image Files

Tue, 16 Dec 2025 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Dec 2025 22:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-732
CPEs | | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Sun, 14 Dec 2025 21:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple macos; Apple macos Tahoe
Vendors & Products | | Apple; Apple macos; Apple macos Tahoe

Fri, 12 Dec 2025 21:15:00 +0000

Type | Values Removed | Values Added
Description | | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:37.852Z

Reserved: 2025-04-16T15:24:37.126Z

Link: CVE-2025-43470

Vulnrichment

Updated: 2025-12-16T14:43:04.837Z

NVD

Status: Modified

Published: 2025-12-12T21:15:55.000

Modified: 2025-12-16T15:15:50.847

Link: CVE-2025-43470

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T22:45:15Z
