Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
AnalysisAI
Improper access control in Apple macOS allows a locally-executed app to read sensitive user data by exploiting a logic flaw in system-level restrictions. Affected are all macOS versions prior to Tahoe 26, per the CPE data and EUVD-2025-209943. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms exploitation requires no user interaction once an app is running under low privileges, and the confidentiality impact is rated High. No public exploit code exists and this vulnerability is not confirmed actively exploited (CISA KEV).
Technical ContextAI
CWE-284 (Improper Access Control) describes cases where software fails to restrict access to a resource in a manner consistent with its security policy. In this instance, Apple identified a logic issue in macOS access control enforcement - tagged as an Authentication Bypass - where an app can circumvent intended restrictions to reach sensitive user data. The affected product is Apple macOS across all versions below 26 (Tahoe), as identified by CPE cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*. This class of flaw typically arises when permission-checking logic contains an incorrect branch, state-machine gap, or ordering error that a crafted app can trigger to gain unauthorized read access to protected data stores (e.g., contacts, location, keychain-adjacent data).
RemediationAI
The primary remediation is to upgrade to macOS Tahoe 26, which contains Apple's official fix for this logic issue per the vendor advisory at https://support.apple.com/en-us/125110. Patch availability is confirmed by Apple; exact patch version is macOS Tahoe 26. As a compensating control prior to patching, administrators should restrict installation and execution of untrusted or unreviewed third-party applications using macOS System Policy controls (spctl) or Mobile Device Management (MDM) profiles that enforce App Store-only sources - this directly narrows the surface for an app-based exploitation path. Enabling Full Disk Access prompts via System Settings and auditing which apps hold privacy permissions (Privacy & Security pane) can further limit exposure. Note that restricting app execution may impact productivity workflows; assess per-environment before enforcing.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209943