CVE-2025-24263
Published: 31 March 2025
Summary
CVE-2025-24263 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 37.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-12 (Information Location).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly protects sensitive user data at rest in a manner that prevents unauthorized apps from observing it, matching the fix of relocating data to a protected location.
Requires identification and implementation of protections for locations of sensitive information, addressing storage of data in unprotected areas accessible to apps.
Enforces approved authorizations for access to system resources, preventing apps from reading sensitive user data without permission.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability exposes sensitive user data stored in an unprotected local location on macOS, directly enabling an app to access and collect it from the local system without restrictions.
NVD Description
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.
Deeper analysisAI
CVE-2025-24263 is a privacy vulnerability (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) affecting macOS prior to Sequoia 15.4, where sensitive user data was stored in an unprotected location, allowing an app to observe it. Apple addressed the issue by relocating the data to a protected area. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
A remote attacker with network access can exploit this vulnerability without authentication, privileges, or user interaction, enabling an app to access and potentially exfiltrate unprotected sensitive user data. The unchanged scope suggests the impact remains within the affected component, but the high confidentiality impact allows observation of private information, while integrity and availability impacts could enable data tampering or denial of access.
Apple's security advisory at https://support.apple.com/en-us/122373 details the fix in macOS Sequoia 15.4, recommending users update to this version for mitigation. Additional disclosure is available at http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)