CVE-2025-31272PATCHED

apple · macos

CVE-2025-31272: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass la

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.

Affected Products

Vendor	Product	Versions
apple	macos	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	macos	cert_advisory	90%
su	suse linux	cert_advisory	90%

References

https://support.apple.com/en-us/122373

Related News (2 articles)

Tier B

BSI Advisories17d ago

[UPDATE] [hoch] Apple macOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB18d ago

CVE-2025-31272 | Apple macOS up to 15.3 App privileges management

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

15.4

PublishedJun 11, 2026

Last enriched18d agov2

Trending Score6

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-28898EXP

CVE-2026-28898: swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing t

Trending: 32

CRITICALCVE-2026-49269

CVE-2026-49269: Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal at

Trending: 26

PRE-CVE

Multiple vulnerabilities in Apple iOS, iPadOS, and macOS Tahoe

Trending: 20

CRITICALCVE-2025-24284

CVE-2025-24284: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4

Trending: 7

CRITICALCVE-2025-46293

CVE-2025-46293: This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be ab

Trending: 6

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 11, 2026

Discovered by ZDM

Jun 11, 2026

Updated: severity, affectedVersions, cweIds

Jun 11, 2026

Patch Available

Jun 12, 2026

Version History

Last enriched 18d ago

v2Tier C18d ago

Updated severity from HIGH to CRITICAL, clarified affected versions as macOS up to 15.3, and identified CWE-269 (improper privilege management) as the primary weakness.

severityaffectedVersionscweIds

via VulDB

v118d ago

Initial creation