VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Nov 21, 2025· Updated Apr 2, 2026

CVE-2025-31248

CVE-2025-31248

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A parsing issue in directory path handling in macOS allows an app to access sensitive user data; fixed in macOS Sequoia 15.5, Sonoma 14.7.3, and Ventura 13.7.3.

Root

Cause

A parsing issue in the handling of directory paths exists in macOS. This was addressed with improved path validation. The flaw could allow an application to bypass path restrictions and access protected user data.

Exploitation

An attacker with the ability to execute an app on the system could exploit this vulnerability locally. No network access or special privileges are required beyond running a benign-looking application. The app can access sensitive user data that would normally be protected.

Impact

Successful exploitation results in unauthorized access to sensitive user data, such as personal documents, credentials, or other private information stored on the device.

Mitigation

Apple has released security updates to fix this issue: macOS Sequoia 15.5 [1], macOS Sonoma 14.7.3 [2], and macOS Ventura 13.7.3 [3]. Users should update their systems as soon as possible.

References
  1. About the security content of macOS Sequoia 15.5 - Apple Support
  2. About the security content of macOS Sonoma 14.7.3 - Apple Support
  3. About the security content of macOS Ventura 13.7.3 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <13.7.3
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.