{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46283", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-22T21:13:49.958Z", "datePublished": "2025-12-17T20:46:34.698Z", "dateUpdated": "2026-04-02T18:10:41.222Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.4", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access sensitive user data."}], "references": [{"url": "https://support.apple.com/en-us/125886"}, {"url": "https://support.apple.com/en-us/126350"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:10:41.222Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T19:20:32.097827Z", "id": "CVE-2025-46283", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T19:29:33.725Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46283", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T19:20:32.097827Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T19:21:35.842Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.2", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125886"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.2. An app may be able to access sensitive user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-12-17T20:46:34.698Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46283", "state": "PUBLISHED", "dateUpdated": "2025-12-18T19:29:33.725Z", "dateReserved": "2025-04-22T21:13:49.958Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-12-17T20:46:34.698Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75", "versionEndExcluding": "26.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.4, macOS Tahoe 26.2. An app may be able to access sensitive user data."}], "id": "CVE-2025-46283", "lastModified": "2026-04-02T19:21:03.333", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-17T21:16:13.630", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125886"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126350"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:12:24.029873+00:00", "value": {"mitigation_remediation": ["Upgrade macOS to the latest available release, at minimum macOS Sonoma\u00a014.8.4 or macOS Tahoe\u00a026.2, which contain the fix for this logic flaw.", "If an immediate update is not possible, restrict software installation to the App Store and enable Gatekeeper to prevent untrusted applications from running.", "Monitor system logs for anomalous data access patterns, particularly by newly installed applications, and consider disabling unnecessary system services that might expose user data."], "summary": {"action": "Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "Apple\u2019s macOS is impacted, specifically versions prior to the releases that contain the fix\u2014macOS Sonoma 14.8.4 and macOS Tahoe 26.2. Users on older builds are susceptible to the flaw.", "description_and_impact": "A logic flaw in macOS authentication flows bypasses input validation, potentially enabling an application to read protected user data. The vulnerability aligns with CWE-200, which concerns the exposure of information that should remain confidential. Based on the description, it is inferred that the attack vector requires a malicious application to exploit the flaw.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, while an EPSS of less than 1% signals a very low current exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would likely need to deliver a malicious application to gain the exposed data, meaning the threat is most pronounced for environments that allow installation of unverified software."}}}}, "created": "2025-12-18T09:56:15.564466+00:00", "title": "Logic Error Allows Application to Access Sensitive User Data on macOS", "updated": "2026-04-27T22:15:15.130312+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_tahoe"]}