macOS Sequoia 15.4: Path Validation Vulnerability in Directory Handling
CVE-2025-24268 Published on June 11, 2026

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.

NVD

Vulnerability Analysis

CVE-2025-24268 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2025-24268 has been classified to as a Directory traversal vulnerability or weakness.


Products Associated with CVE-2025-24268

Want to know whenever a new CVE is published for Apple macOS? stack.watch will email you.

Apple macOS
 

Affected Versions

Apple macOS: