vulnerability

OS X update for RPAC (CVE-2025-24191)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:M/Au:N/C:N/I:C/A:N)	Mar 31, 2025	Apr 8, 2025	Mar 27, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:C/A:N)

Published

Mar 31, 2025

Added

Apr 8, 2025

Modified

Mar 27, 2026

Description

The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system.

Solution

apple-osx-upgrade-15_4

References

CVE-2025-24191
https://attackerkb.com/topics/CVE-2025-24191
CWE-20
EUVD-EUVD-2025-9010
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-9010
https://support.apple.com/en-us/122373

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today