CVE-2025-31189

HIGH

macOS < Ventura 13.7.5 - Privilege Escalation

Title source: llm
STIX 2.1

Description

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.

References (3)

Core 3
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122373
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122374
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122375

Scores

CVSS v3 8.2
EPSS 0.0016
EPSS Percentile 5.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-693
Status published
Products (4)
apple/macos < 13.7.5
Apple/macOS < 13.7.5
Apple/macOS < 14.7.5
Apple/macOS < 15.4
Published May 29, 2025
Tracked Since Feb 18, 2026