Vulnerability Details CVE-2025-24259
This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122405
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9
- http://seclists.org/fulldisclosure/2025/May/6
Products affected by CVE-2025-24259
-
cpe:2.3:o:apple:macos:13.7.4
-
cpe:2.3:o:apple:macos:14.7.4
-
cpe:2.3:o:apple:macos:15.0
-
cpe:2.3:o:apple:macos:15.1
-
cpe:2.3:o:apple:macos:15.1.1
-
cpe:2.3:o:apple:macos:15.2
-
cpe:2.3:o:apple:macos:15.3
-
cpe:2.3:o:apple:macos:15.3.1
-
cpe:2.3:o:apple:macos:15.3.2