Skip to main content

macOS CVE-2025-46293

| EUVDEUVD-2025-210118 MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2026-06-11 apple GHSA-2jc2-r9gv-gx5x
5.5
CVSS 3.1 · Vendor: apple
Share

Severity by source

Vendor (apple) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
5.5 MEDIUM

Local app execution with low user privileges is required; only confidentiality is impacted as the flaw enables read-only access to protected data via symlink following.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apple).

CVSS VectorVendor: apple

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Analysis Generated
Jun 11, 2026 - 21:35 vuln.today
CVSS changed
Jun 11, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 11, 2026 - 20:01 EUVD
CVE Published
Jun 11, 2026 - 18:47 cve.org
MEDIUM 5.5
CVE Published
Jun 11, 2026 - 18:47 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

AnalysisAI

Improper symlink resolution in Apple macOS prior to Sequoia 15.4 allows a locally-executing app with standard user privileges to access protected user data that would ordinarily be restricted by macOS privacy controls such as TCC (Transparency, Consent, and Control). Rooted in CWE-59, the flaw enables a malicious app to craft or exploit symbolic links to bypass the OS file-access boundary and read sensitive user data without authorization. No public exploit has been identified at time of analysis, and CISA's SSVC framework rates exploitation as none with partial technical impact.

Technical ContextAI

CWE-59 ('Improper Link Resolution Before File Access - Link Following') describes a class of vulnerability in which a program follows a symbolic link to an unintended filesystem location before adequately validating the resolved target against applicable access controls. In the macOS context, the OS enforces per-app data access restrictions through TCC and sandbox entitlements; a symlink-following flaw can allow a crafted app to redirect a file operation through a symlink into a protected directory (e.g., ~/Library/AddressBook, Photos library, or calendar data) without triggering the expected permission gate. The affected product is Apple macOS, identified by CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*, covering all macOS versions before 15.4 (Sequoia). Apple addressed the root cause by improving symlink handling in the OS.

RemediationAI

Vendor-released patch: macOS Sequoia 15.4. Update via System Settings → General → Software Update or through Apple's advisory at https://support.apple.com/en-us/122373. Users on macOS Ventura or Sonoma who cannot upgrade to Sequoia should restrict app installation exclusively to the Mac App Store (System Settings → Privacy & Security → App Store only), which reduces the attack surface by limiting the delivery of untrusted local apps capable of exploiting this flaw - though this does not eliminate the underlying vulnerability. Additionally, auditing TCC privacy permissions granted to installed apps (System Settings → Privacy & Security) and revoking unnecessary access may limit the scope of data reachable through a symlink bypass. No workarounds are specified by Apple in the advisory.

Share

CVE-2025-46293 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy