{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31250", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.335Z", "datePublished": "2025-05-12T21:42:45.248Z", "dateUpdated": "2026-04-02T18:18:48.989Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data."}], "references": [{"url": "https://support.apple.com/en-us/122716"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:18:48.989Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T13:17:18.723565Z", "id": "CVE-2025-31250", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T13:22:45.316Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:52:12.437Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:52:12.437Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31250", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T13:17:18.723565Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T13:21:23.990Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122716"}], "descriptions": [{"lang": "en", "value": "An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:42:45.248Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31250", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:52:12.437Z", "dateReserved": "2025-03-27T16:13:58.335Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:45.248Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF1B4AB8-2B51-4EED-BD29-C500C83FAB10", "versionEndExcluding": "15.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de divulgaci\u00f3n de informaci\u00f3n mejorando los controles de privacidad. Este problema se solucion\u00f3 en macOS Sequoia 15.5. Una aplicaci\u00f3n podr\u00eda acceder a datos confidenciales del usuario."}], "id": "CVE-2025-31250", "lastModified": "2025-11-03T20:18:23.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:25.067", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/7"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:48:09.214033+00:00", "value": {"mitigation_remediation": ["Upgrade to macOS Sequoia 15.5 or later to apply the vendor patch.", "Restrict app permissions by adjusting System Settings > Privacy to limit which applications can access sensitive data.", "Enable Gatekeeper to block the installation of unknown or unverified developer apps, reducing the risk of introducing malicious applications."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Apple\u2019s macOS is affected, with the issue reported for versions prior to macOS Sequoia 15.5. The update to macOS Sequoia 15.5 includes the necessary fix. Earlier releases of macOS Sequoia and earlier macOS versions that have not applied the patch remain vulnerable.", "description_and_impact": "The vulnerability is an information disclosure flaw that allows an application to read sensitive user data that it should not have access to. This issue is categorized as CWE\u2011200: Exposure of Sensitive Information to an Unauthorized Actor. The weakness is introduced by insufficient privacy controls inherent in the operating system, enabling an attacker to obtain confidential data through a malicious or compromised app.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate risk, primarily affecting confidentiality. The EPSS score of less than 1% suggests a very low probability of exploitation at the time of this analysis, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a malicious or compromised application that a user installs; such an app could read protected data without additional privileges. Because no additional authentication or privilege escalation is required, the condition to exploit the flaw is straightforward for a capable attacker."}}}}, "created": "2026-04-28T02:00:15.387873+00:00", "title": "Information Disclosure in macOS Sequoia Due to Inadequate Privacy Controls", "updated": "2026-04-28T02:00:15.387884+00:00", "vendors": []}