CVE-2025-24140

Published: Jan 27, 2025Modified: Nov 3, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. Files downloaded from the internet may not have the quarantine flag applied.

Affected (1)

Products: Apple: Macos

Apple

1 product

Macos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 15.3

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://support.apple.com/en-us/122068

Source: product-security@apple.com

Release Notes

http://seclists.org/fulldisclosure/2025/Jan/15

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.