CVE-2025-24268

Published: Jun 11, 2026Modified: Jun 12, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.

Affected (1)

Products: Apple: Macos

Apple

1 product

Macos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 15.4

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (1)

https://support.apple.com/en-us/122373

Source: product-security@apple.com

Release NotesVendor Advisory

Timeline

No history available yet.