CVE-2025-31183
Published: 31 March 2025
Summary
CVE-2025-31183 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks in the top 43.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for logical access to data containers, directly preventing unauthorized app access to sensitive user data.
Maintains separate execution domains for apps, isolating processes to block cross-container access to sensitive user data.
Applies least privilege to apps, restricting access to only necessary sensitive user data within containers.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables unauthorized access to sensitive user data stored in local data containers on the system, mapping to T1005 Data from Local System.
NVD Description
The issue was addressed with improved restriction of data container access. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
Deeper analysis
CVE-2025-31183 is a vulnerability involving improper restriction of data container access, which allows an app to access sensitive user data. It affects Apple's iOS and iPadOS prior to version 18.4, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, tvOS prior to 18.4, and watchOS prior to 11.4. Published on March 31, 2025, the issue is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
According to the CVSS vector, an attacker can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges or user interaction. Exploitation enables an app to access sensitive user data, and the vector rates the impact to confidentiality, integrity, and availability as high.
Apple addressed the issue through improved restriction of data container access in the following releases: iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, and watchOS 11.4. Security advisories providing further details are available at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122376, and https://support.apple.com/en-us/122377.
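The fixed releases listed above can be applied to a device inventory as a patch-level check. The following is an added example, not code from Apple or from this page: the inventory is constructed, the status names are the example's own, and treating a newer major release as patched is an assumption.

```python
"""Patch-level triage for CVE-2025-31183 against the fixed releases listed above."""

# Fixed releases as listed on this page, keyed by platform, then by major version.
FIXED = {
    "iOS": {18: (18, 4, 0)},
    "iPadOS": {18: (18, 4, 0)},
    "tvOS": {18: (18, 4, 0)},
    "watchOS": {11: (11, 4, 0)},
    "macOS": {14: (14, 7, 5), 15: (15, 4, 0)},  # Sonoma and Sequoia branches
}

def parse_version(text):
    """'15.3.2' -> (15, 3, 2); short versions are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(text)
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Return 'patched', 'vulnerable', 'no-fix-listed' or 'unknown'."""
    branches = FIXED.get(platform)
    if branches is None:
        return "unknown"                 # platform not covered by this page
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"                 # unparseable version string
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "vulnerable"
    if v[0] > max(branches):
        return "patched"                 # assumption: later majors carry the fix
    return "no-fix-listed"               # older branch: the page lists no fix for it

# Constructed sample inventory: (host, platform, OS version).
INVENTORY = [
    ("mbp-01", "macOS", "15.3.2"), ("mbp-02", "macOS", "14.7.5"),
    ("imac-03", "macOS", "13.7.4"), ("iphone-04", "iOS", "18.4"),
    ("ipad-05", "iPadOS", "17.7.2"), ("watch-06", "watchOS", "11.3.1"),
    ("atv-07", "tvOS", "18.x"),
]

def triage(inventory):
    """Group hosts by patch status."""
    report = {}
    for host, platform, version in inventory:
        report.setdefault(patch_status(platform, version), []).append(host)
    return report

if __name__ == "__main__":
    for status, hosts in sorted(triage(INVENTORY).items()):
        print(f"{status:14} {', '.join(hosts)}")
```

Hosts reported as `no-fix-listed` run a branch for which this page names no fixed release, so they need either an upgrade to a listed release or a check against the linked Apple advisories.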
Details
- CWE(s)