QSearchQSearch

CVE-2025-24170

7.8 HIGH

A logic issue was addressed with improved file handling

Published: 2025-03-31 · Last updated: 2026-06-11

Severity and scoring

CVSS
7.8 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE
CWE-276

Affected products

VendorProduct
applemacos

Description

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-46315 A permissions issue was addressed with additional restrictions (7.5 HIGH)
  • CVE-2025-46313 A logging issue was addressed with improved data redaction (5.5 MEDIUM)
  • CVE-2025-46308 An authorization issue was addressed with improved state management (5.3 MEDIUM)
  • CVE-2025-46293 This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
  • CVE-2025-43339 An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)

Same CWE

  • CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier (6.7 MEDIUM)
  • CVE-2026-11931 Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to ... (5.5 MEDIUM)
  • CVE-2026-49157 Incorrect Default Permissions vulnerability in Apache ActiveMQ (8.8 HIGH)
  • CVE-2026-48191 An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules... (3.5 LOW)
  • CVE-2026-48190 An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query ... (3.5 LOW)