Logic Issue in macOS Products by Apple Exposes User Data
CVE-2025-31232

7.1HIGH

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-31232?

A logic issue has been identified in certain macOS releases, allowing sandboxed applications to potentially gain unauthorized access to sensitive user data. This vulnerability has been patched in versions 13.7.6 of macOS Ventura, 15.5 of macOS Sequoia, and 14.7.6 of macOS Sonoma. Users are encouraged to update their systems to mitigate the risks associated with this flaw.

Affected Version(s)

macOS < 15.5

macOS < 14.7

macOS < 13.7

References

https://support.apple.com/en-us/122716

https://support.apple.com/en-us/122717

https://support.apple.com/en-us/122718

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Mar 27, 2025