macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293): CVE-2025-46293 June 2026

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Vulnerability Analysis

CVE-2025-46293 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2025-46293 has been classified to as an insecure temporary file vulnerability or weakness.

Products Associated with CVE-2025-46293

Want to know whenever a new CVE is published for Apple macOS? stack.watch will email you.

macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293)
CVE-2025-46293 Published on June 11, 2026

Vulnerability Analysis

Weakness Type

What is an insecure temporary file Vulnerability?

Products Associated with CVE-2025-46293

Affected Versions

macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293)CVE-2025-46293 Published on June 11, 2026

Vulnerability Analysis

Weakness Type

What is an insecure temporary file Vulnerability?

Products Associated with CVE-2025-46293

Affected Versions

macOS Sequoia 15.4 Symlink Access Control Bypass (CVE-2025-46293)
CVE-2025-46293 Published on June 11, 2026