CVE-2025-46289
published 2025-12-12CVE-2025-46289: A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able…
PriorityP279medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.19%
9.2th percentile
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 14.8.3 | 14.8.3 |
| apple | macos | < 15.7.3 | 15.7.3 |
| apple | macos | < 26.2 | 26.2 |
| apple | macos | >= 14.0 < 14.8.3 | 14.8.3 |
| apple | macos | >= 15.0 < 15.7.3 | 15.7.3 |
| apple | macos_sequoia | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_tahoe | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the AppSandbox component on macOS; monitor for sandboxed apps accessing protected user data directories outside their entitlements ↗
- →A logic issue in file handling is the root cause; look for anomalous file open/read syscalls from sandboxed processes targeting protected paths (e.g., ~/Library, contacts, photos, location data) ↗
- →Affected macOS versions: Sequoia < 15.7.3, Sonoma < 14.8.3, Tahoe < 26.2; unpatched hosts are candidates for exploitation of this AppSandbox bypass ↗
- ·No technical details, PoC, or exploitation indicators have been publicly disclosed; all detection guidance is based solely on the advisory description ↗
- ·The flaw is limited to the AppSandbox component; only sandboxed macOS applications are relevant attack vectors — non-sandboxed apps are not affected by this specific bypass ↗
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
vulncheck5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-79fw-35w8-m7cx: A logic issue was addressed with improved file handling
ghsa_unreviewed·2025-12-12
CVE-2025-46289 [MEDIUM] CWE-285 GHSA-79fw-35w8-m7cx: A logic issue was addressed with improved file handling
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected user data.
VulnCheck
Apple macos Improper Authorization
vulncheck·2025·CVSS 5.5
CVE-2025-46289 [MEDIUM] Apple macos Improper Authorization
Apple macos Improper Authorization
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Affected: Apple macos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://media.jamf.com/documents/white-papers/security-360-mac-2026.pdf
Apple
CVE-2025-46289: macOS Sonoma 14.8.3
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-46289 [MEDIUM] CVE-2025-46289: macOS Sonoma 14.8.3
Apple Security Update: About the security content of macOS Sonoma 14.8.3
Product: macOS Sonoma
Version: 14.8.3
CVE: CVE-2025-46289
Component: AppSandbox
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
Apple
CVE-2025-46289: macOS Tahoe 26.2
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-46289 [MEDIUM] CVE-2025-46289: macOS Tahoe 26.2
Apple Security Update: About the security content of macOS Tahoe 26.2
Product: macOS Tahoe
Version: 26.2
CVE: CVE-2025-46289
Component: AppSandbox
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
Apple
CVE-2025-46289: macOS Sequoia 15.7.3
vendor_apple·2025-12-12·CVSS 5.5
CVE-2025-46289 [MEDIUM] CVE-2025-46289: macOS Sequoia 15.7.3
Apple Security Update: About the security content of macOS Sequoia 15.7.3
Product: macOS Sequoia
Version: 15.7.3
CVE: CVE-2025-46289
Component: AppSandbox
Impact: An app may be able to access protected user data
Description: A logic issue was addressed with improved file handling.
No detection rules found.
No public exploits indexed.
2025-12-12
Published
Exploited in the wild