CVE-2025-24248

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122373	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/8

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-31 23:15

Updated : 2025-11-03 22:18

NVD link : CVE-2025-24248

Mitre link : CVE-2025-24248

CVE.ORG link : CVE-2025-24248

JSON object : View

Products Affected

apple

macos

CWE

CWE-284

Improper Access Control

5.0 /10