CVE-2025-24115

{"id": "CVE-2025-24115", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-27T22:15:16.713", "references": [{"url": "https://support.apple.com/en-us/122068", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122069", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122070", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/16", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/17", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read files outside of its sandbox."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de gesti\u00f3n de rutas con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en macOS Ventura 13.7.3, macOS Sequoia 15.3 y macOS Sonoma 14.7.3. Es posible que una aplicaci\u00f3n pueda leer archivos fuera de su sandbox."}], "lastModified": "2025-11-03T21:19:19.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A12642CB-69CC-4C6E-A2C2-CA8AE736EE88", "versionEndExcluding": "13.7.3"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C523C7E-B1CF-454B-8AFD-B462C5120D9E", "versionEndExcluding": "14.7.3", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33FE4A81-3E35-4934-ABBB-4531E8E249AF", "versionEndExcluding": "15.3", "versionStartIncluding": "15.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}