CVE Catalog

CVE-2025-46293

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

The issue concerns improper handling of symlinks, which may allow an app to access protected user data. It is fixed in macOS Sequoia 15.4.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive user data, potentially leading to privacy and security breaches.

Recommendation

It is recommended to update the system to macOS Sequoia 15.4 to mitigate this vulnerability.

Original NVD description (English source)

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS