CVE-2025-31272
Analyzed
Analyzed - Analysis Complete
macOS Sequoia Privilege Escalation via Launch Constraints Bypass
Vulnerability report for CVE-2025-31272, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-11
Last updated on: 2026-06-12
Assigner: Apple Inc.
Description
Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 15.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |