VDB

CISA-2025-24253

CISA-2025-24253 PUBLISHED CVSS 9.8 CRITICAL

Reported by apple · Published March 31, 2025

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
ApplemacOSunspecified
ApplemacOSunspecified
ApplemacOSunspecified
ApplemacOSunspecified, unspecified, unspecified

Timeline

  • Mar 31, 2025 CVE Published
  • Nov 3, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›