CVE-2025-24181

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122373	Vendor Advisory
https://support.apple.com/en-us/122374	Vendor Advisory
https://support.apple.com/en-us/122375	Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2025-03-31 23:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24181

Mitre link : CVE-2025-24181

CVE.ORG link : CVE-2025-24181

JSON object : View

Products Affected

apple

macos

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-24181", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-31T23:15:17.173", "references": [{"url": "https://support.apple.com/en-us/122373", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122374", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122375", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/10", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema est\u00e1 corregido en macOS Ventura 13.7.5, macOS Sequoia 15.4 y macOS Sonoma 14.7.5. Una aplicaci\u00f3n podr\u00eda acceder a datos protegidos del usuario."}], "lastModified": "2025-11-03T21:19:31.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAFA86AE-8EE9-414C-9FD2-C8551FF2A5CC", "versionEndExcluding": "13.7.5", "versionStartIncluding": "13.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D05DCA25-A1A0-4AEA-9F31-952803114EE2", "versionEndExcluding": "14.7.5", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}