Improper authentication in macOS - CVE-2025-31264
Published: June 21, 2025
Vulnerability identifier: #VU111709
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-31264
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper authentication in macOS Recovery feature. An attacker with physical access to the system can obtain sensitive user information from a locked device.
How to mitigate CVE-2025-31264
Install updates from vendor's website.