CVE-2025-24253
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
31/03/2025
Last modified:
07/04/2025
Description
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 13.0 (including) | 13.7.5 (excluding) |
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 14.0 (including) | 14.7.5 (excluding) |
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 15.0 (including) | 15.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page