Parsing Vulnerability in macOS Products by Apple
CVE-2025-31248

Currently unrated

Key Information:

Vendor

Apple
Status
Mac OS
Vendor
CVE Published:
21 November 2025

What is CVE-2025-31248?

A vulnerability has been identified that involves improper parsing of directory paths in macOS systems. This flaw can permit an application to gain unauthorized access to sensitive user data, posing significant privacy risks. Apple has addressed this issue by implementing enhanced path validation, reducing the likelihood of exploitation in macOS Ventura 13.7.3, macOS Sequoia 15.5, and macOS Sonoma 14.7.3.

Affected Version(s)

macOS < 14.7

macOS < 15.5

macOS < 13.7

References

https://support.apple.com/en-us/122069
https://support.apple.com/en-us/122716
https://support.apple.com/en-us/122070

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-31248 : Parsing Vulnerability in macOS Products by Apple