CVE-2025-24248

Published Mar 31, 2025

Last updated 16 hours ago

CVSS medium 5.0

Overview

Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed into the user's Apple Account.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5
Impact score: 3.4
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

CVE-2025-24248 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to enumerate devices that have signed in… https://t.co/LdGY4k1xsw
@CVEnew
31 Mar 2025
135 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621",
            "versionEndExcluding": "15.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References