High 8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

PT-2025-33: Security restriction bypass in macOS Shortcuts

Error type:

  • CWE-358: Improperly Implemented Security Check for Standard

Vulnerability vector:

  • Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • Severity (CVSSv4.0): 8.6 (high)

Description:

The vulnerability was identified in macOS Shortcuts, in versions prior to macOS Sequoia 15.5.

The discovered vulnerability allows an attacker to bypass security restrictions and execute arbitrary code delivered via an FTP or SMB server.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 12.05.2025

Recommendations:

  • Update to macOS Sequoia 15.5 or later

Additional information: Security advisory, Press Release

Researcher: Egor Filatov (Positive Technologies)

Identifiers:

BDU:2025-02497

Vendor:

Apple Inc

Vulnerable product:

Shortcuts

Vulnerable versions:

prior to macOS Sequoia 15.5
