CVE-2025-24109Sensitive Information Exposure in Apple Macos

CWE-200Sensitive Information ExposureCWE-922Insecure Storage of Sensitive Information5 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 72.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple MacosApple Macos SequoiaApple Macos Sonoma+1 more
Timeline
PublishedJan 27
Latest updateJan 28

Description

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access sensitive user data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

Appleapple/macos_sonoma14.7.3
Appleapple/macos_ventura13.7.3
CVEListV5apple/macos< 14.7.3+1
NVDapple/macos14.014.7.3+2

🔴Vulnerability Details

1
GHSA
GHSA-2w2w-c8f9-2jq3: A downgrade issue was addressed with additional code-signing restrictions2025-01-28

📋Vendor Advisories

3
Apple
CVE-2025-24109: macOS Sequoia 15.32025-01-27
Apple
CVE-2025-24109: macOS Sonoma 14.7.32025-01-27
Apple
CVE-2025-24109: macOS Ventura 13.7.32025-01-27