Multiple vulnerabilities in Apple Xcode
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2025-24226 CVE-2025-30441 |
| CWE-ID | CWE-200 CWE-371 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Apple Xcode Universal components / Libraries / Software for developers |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU106916
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-24226
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an error in IDE Assets. A local application can gain unauthorized access to private information.
Install updates from vendor's website.
Vulnerable software versionsApple Xcode: 15.0 - 16.2
CPE2.3- cpe:2.3:a:apple:apple_xcode:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_xcode:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_xcode:15.1:*:*:*:*:*:*:*
https://support.apple.com/en-us/122380
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) State Issues
EUVDB-ID: #VU106917
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-30441
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to state management error in Instruments. A local application can overwrite arbitrary files on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple Xcode: 15.0 - 16.2
CPE2.3- cpe:2.3:a:apple:apple_xcode:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_xcode:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apple:apple_xcode:15.1:*:*:*:*:*:*:*
https://support.apple.com/en-us/122380
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
