Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Local execution of a low-privilege app suffices to trigger the bypass; only confidentiality is impacted since the flaw enables read-only access to user data.
Primary rating from Vendor (apple).
CVSS VectorVendor: apple
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data.
AnalysisAI
Sandbox restriction bypass in macOS prior to Tahoe 26.1 allows a locally-installed malicious app to access sensitive user data outside its permitted sandbox scope. The flaw stems from improper access control (CWE-284) in the macOS application sandbox, a core security boundary meant to isolate app access to system resources. SSVC assessment confirms no known active exploitation and the attack is not automatable, while CVSS signals high confidentiality impact limited to local execution with low privileges.
Technical ContextAI
The macOS application sandbox enforces mandatory access controls that restrict what files, network resources, and system APIs a given app can reach. CWE-284 (Improper Access Control) indicates the sandbox boundary was insufficiently enforced - allowing a crafted app to circumvent declared entitlements or container restrictions and reach user data it should be blocked from reading. The affected product is identified via CPE as cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*, covering all macOS versions up to but not including 26.1 (Tahoe). The tag 'Authentication Bypass' suggests the flaw may relate to bypassing OS-level identity or entitlement checks that gate access to protected data stores such as contacts, photos, location, or keychain-adjacent paths.
RemediationAI
Vendor-released patch: macOS Tahoe 26.1. Users and administrators should update to macOS 26.1 or later immediately using System Settings > General > Software Update. The Apple security advisory at https://support.apple.com/en-us/125634 confirms the patch. For systems that cannot be updated immediately, compensating controls include restricting installation of untrusted or unvetted apps (enforce App Store-only policy via MDM), auditing existing app entitlements with tools such as codesign or Privacy Preferences Policy Control (PPPC) profiles, and reviewing Full Disk Access grants in System Settings > Privacy & Security to remove unnecessary permissions. Note that MDM-based app restrictions do not eliminate risk if a trusted-but-malicious app is already installed.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210119
GHSA-v7ph-6xr9-c5p8