CVE-2025-24249 | A permissions issue was addressed with additional sandbox re… | CVSS 9.8 CRITICAL

Description

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to check the existence of an arbitrary path on the file system.

Metadata

CVE ID: CVE-2025-24249
State: PUBLISHED
Assigner: apple
Reserved: 2025-01-17 00:00 UTC
Published: 2025-03-31 22:23 UTC
Last updated: 2026-04-02 18:18 UTC
Primary CWE: CWE-862
CWE-862 Missing Authorization
Vendor / Product: Apple / macOS
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Apple	macOS	—	0 < 13.7.5, 0 < 14.7.5, 0 < 15.4

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to check the existence of an arbitrary path on the file system
CWE-862	adp	CWE-862 Missing Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)