VDB
CISA-2025-24253
CISA-2025-24253
PUBLISHED
CVSS 9.8 CRITICAL
Reported by apple · Published March 31, 2025
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | macOS | unspecified |
| Apple | macOS | unspecified |
| Apple | macOS | unspecified |
| Apple | macOS | unspecified, unspecified, unspecified |
Timeline
- Mar 31, 2025 CVE Published
- Nov 3, 2025 CVE Updated