CVE-2025-31272PATCHED

apple · macos

CVE-2025-31272: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass la

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

Affected Products

Vendor	Product	Versions
apple	macos	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cert_advisory	90%
su	suse linux	cert_advisory	90%

References

https://support.apple.com/en-us/122373

Related News (2 articles)

Tier B

BSI Advisories17d ago

[UPDATE] [hoch] Apple macOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB18d ago

CVE-2025-31272 | Apple macOS up to 15.3 App privileges management

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

15.4

PublishedJun 11, 2026

Last enriched18d agov2

Trending Score6

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-43715EXP

CVE-2026-43715: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a

Trending: 56

CRITICALCVE-2026-43731EXP

CVE-2026-43731: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a

Trending: 56

CRITICALCVE-2026-43699EXP

CVE-2026-43699: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a

Trending: 51

CRITICALCVE-2026-43709EXP

CVE-2026-43709: A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 a

Trending: 51

CRITICALCVE-2026-43718EXP

CVE-2026-43718: A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPad

Trending: 51

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 11, 2026

Discovered by ZDM

Jun 11, 2026

Updated: severity, affectedVersions, cweIds

Jun 11, 2026

Patch Available

Jun 12, 2026

Version History

Last enriched 18d ago

v2Tier C18d ago

Updated severity from HIGH to CRITICAL, clarified affected versions as macOS up to 15.3, and identified CWE-269 (improper privilege management) as the primary weakness.

severityaffectedVersionscweIds

via VulDB

v118d ago

Initial creation