CVE-2025-46282

CVE Database · CVE-2025-46282

CVE-2025-46282

· MEDIUMModified

CVSS v3.1

5.5

EPSS

0.15%

Published

Dec 17, 2025

Modified

Apr 2, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with additional permissions checks. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. An app may be able to access sensitive user data.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-284

Affected Products (2)

apple · safari (up to 26.2)vulnerable

apple · macos (up to 26.2)vulnerable

References (2)

https://support.apple.com/en-us/125886

Release NotesVendor Advisory

https://support.apple.com/en-us/125892

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs