CVE-2025-31269
Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A permissions issue in macOS allows an app to access protected user data, fixed in macOS Sonoma 14.8 and macOS Tahoe 26.
CVE-2025-31269 is a permissions issue affecting macOS. The bug allows an app to bypass privacy restrictions and access protected user data. The root cause is addressed with additional restrictions, though specific details are not disclosed [1].
An attacker would need to trick a user into running a malicious app, or have existing app execution on the system. No authentication is required beyond normal user privileges. The attack surface is local, as the app must be executed on the vulnerable Mac [2].
Successful exploitation enables the app to read protected user data, such as contacts, photos, or other sensitive information normally restricted by macOS privacy preferences. This could lead to unauthorized exposure of personal data [1][3].
Apple has released updates to fix this issue: macOS Sonoma 14.8 and macOS Tahoe 26. Users are advised to update their systems. There is no evidence of exploitation in the wild, and no workarounds have been provided [2][4].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <14.8
- Range: <26
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- support.apple.com/en-us/125112nvdRelease NotesVendor Advisory
- seclists.org/fulldisclosure/2025/Sep/53nvd
- seclists.org/fulldisclosure/2025/Sep/55nvd
- support.apple.com/en-us/125110nvd
News mentions
0No linked articles in our index yet.