Analysis Summary

CVE-2025-24215 CVSS:5.5

Apple macOS Sonoma could allow a local attacker to obtain sensitive information, caused by an error in the CloudKit component. By using a specially crafted application, an attacker could access private information.

CVE-2025-24203 CVSS:5.5

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system.

Impact

• Information Disclosure
• Security Bypass

Indicators of Compromise

CVE

• CVE-2025-24215

• CVE-2025-24203

Affected Vendors

Remediation

Refer to Apple security document for patch, upgrade or suggested workaround information.

Apple security document