SB2025051256 - Multiple vulnerabilities in macOS Sequoia
Published: May 12, 2025 Updated: November 24, 2025
Description
This security bulletin contains information about 54 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2025-31250)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in TCC. A local application can gain access to sensitive user data.
2) Improper access control (CVE-ID: CVE-2025-31245)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in Pro Res. A local application can cause unexpected system termination.
3) Improper access control (CVE-ID: CVE-2025-31244)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in quarantine. A local application can trick the victim into opening a specially crafted file and break out of its sandbox.
4) Improper input validation (CVE-ID: CVE-2025-31258)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in RemoteViewServices. A local application can break out of its sandbox.
5) Improper access control (CVE-ID: CVE-2025-31249)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Sandbox. A local application can access sensitive user data.
6) Information disclosure (CVE-ID: CVE-2025-31224)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Sandbox. A local application can bypass certain Privacy preferences.
7) Integer overflow (CVE-ID: CVE-2025-31221)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow in Security. A remote attacker can trigger integer overflow and read parts of kernel memory.
8) Information exposure through log files (CVE-ID: CVE-2025-31213)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Security. A local application can access associated usernames and websites in a user's iCloud Keychain.
9) State issues (CVE-ID: CVE-2025-31247)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a state management issue in SharedFileList. A remote attacker can gain access to protected parts of the file system.
10) Input validation error (CVE-ID: CVE-2025-31259)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in SoftwareUpdate. A local application can execute arbitrary code with elevated privileges.
11) Information exposure through log files (CVE-ID: CVE-2025-31242)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in StoreKit. A local application can access sensitive user data.
12) Information disclosure (CVE-ID: CVE-2025-31220)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Weather. A local application can read sensitive location information.
13) Input validation error (CVE-ID: CVE-2025-26466)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input related to SSH2_MSG_PING handling in sshd(8). A remote attacker can send specially crafted packets to the server and perform a denial of service (DoS) attack.
14) Type confusion (CVE-ID: CVE-2025-24213)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) Buffer overflow (CVE-ID: CVE-2025-31223)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2025-31238)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Improper access control (CVE-ID: CVE-2025-31215)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected process crash.
18) Buffer overflow (CVE-ID: CVE-2025-31204)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) Buffer overflow (CVE-ID: CVE-2025-24223)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) Type Confusion (CVE-ID: CVE-2025-31206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.
21) Improper input validation (CVE-ID: CVE-2025-31217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in WebKit. A remote attacker can trick the victim into opening a specially crafted website and cause an unexpected Safari crash.
22) Information disclosure (CVE-ID: CVE-2025-31205)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted website and exfiltrate data cross-origin.
23) Memory corruption (CVE-ID: CVE-2025-31257)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the WebKit engine. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected Safari crash.
24) Buffer overflow (CVE-ID: CVE-2025-31234)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Pro Res. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
25) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2025-26465)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to incorrect processing of user-supplied data in ssh(1). A remote attacker can perform server impersonation when VerifyHostKeyDNS is enabled.
26) Buffer overflow (CVE-ID: CVE-2025-31246)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in afpfs. A remote attacker can trick the victim into connecting to a malicious AFP server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
27) Buffer overflow (CVE-ID: CVE-2025-31233)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreMedia when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
28) Input validation error (CVE-ID: CVE-2025-31240)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in afpfs. A remote attacker can trick the victim into connecting to a malicious AFP share and perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2025-31237)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in afpfs. A remote attacker can trick the victim into connecting to a malicious AFP share and perform a denial of service (DoS) attack.
30) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31260)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in Apple Intelligence Reports. A local application can access sensitive user data.
31) Buffer overflow (CVE-ID: CVE-2025-31251)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing specially crafted image files in AppleJPEG. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and crash the application.
32) Double free (CVE-ID: CVE-2025-31235)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Audio. A remote attacker can trick the victim into opening a specially crafted media file, trigger a double free error and perform a denial of service (DoS) attack.
33) Memory corruption (CVE-ID: CVE-2025-24222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in BOM. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected process crash.
34) State issues (CVE-ID: CVE-2025-31212)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in Core Bluetooth. A local application can access sensitive user data.
35) Improper access control (CVE-ID: CVE-2025-31208)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in CoreAudio. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected app termination.
36) Out-of-bounds read (CVE-ID: CVE-2025-31209)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in CoreGraphics. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
37) Use after free (CVE-ID: CVE-2025-31239)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in CoreMedia. A remote attacker can trick the victim into opening a specially crafted file and cause an unexpected app termination.
38) Information disclosure (CVE-ID: CVE-2025-31236)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in Finder. A local application can gain access to sensitive information.
39) Information exposure through log files (CVE-ID: CVE-2025-24142)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Notification Center. A local application can access sensitive user data.
40) Information disclosure (CVE-ID: CVE-2025-30443)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in AppleMobileFileIntegrity. A local application can gain unauthorized access to user-sensitive data.
41) Improper access control (CVE-ID: CVE-2025-31226)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in ImageIO. A remote attacker can trick the victim into opening a specially crafted file and cause a denial of service.
42) Improper access control (CVE-ID: CVE-2025-31232)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Installer. A local application can access sensitive user data.
43) Double free (CVE-ID: CVE-2025-31241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the OS kernel. A remote attacker can trigger a double free error and crash the system.
44) Buffer overflow (CVE-ID: CVE-2025-31219)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
45) Stack-based buffer overflow (CVE-ID: CVE-2024-8176)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
46) Protection Mechanism Failure (CVE-ID: CVE-2025-30440)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in Libinfo. A local application can bypass ASLR protection mechanism and elevate privileges on the system.
47) Improper access control (CVE-ID: CVE-2025-31222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in mDNSResponder. A local user can elevate privileges.
48) Improper input validation (CVE-ID: CVE-2025-24274)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in Mobile Device Service. A local application can gain root privileges.
49) Information disclosure (CVE-ID: CVE-2025-31218)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in NetworkExtension. A local application can observe the hostnames of new network connections.
50) Information disclosure (CVE-ID: CVE-2025-31256)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in Notes. An attacker with physical access to the system can observe the user's deleted notes via a hot corner.
51) Input validation error (CVE-ID: CVE-2025-24224)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can perform a denial of service (DoS) attack.
52) Out-of-bounds read (CVE-ID: CVE-2025-43374)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the Wi-Fi component. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of kernel memory.
53) Path traversal (CVE-ID: CVE-2025-31248)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to an input validation error when processing directory paths in UserAccountUpdater. A local application can gain access to sensitive user data.
54) Spoofing attack (CVE-ID: CVE-2025-31266)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can trick the victim into visiting a specially crafted website and spoof the domain name in the title of a pop-up window.
Remediation
Install the update from the vendor's website.