CVE-2025-31194
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-31194 is an authentication vulnerability caused by improper state management, affecting the Shortcuts feature in macOS. This flaw allows a Shortcut to execute with administrative privileges without requiring authentication. The issue impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-862 (Missing Authorization).
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation enables the attacker to run a Shortcut with admin privileges, achieving high impacts on confidentiality, integrity, and availability, which could result in full system compromise.
Apple advisories indicate the issue was fixed with improved state management in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security practitioners should apply these updates promptly, with further details available in the referenced Apple support pages and Full Disclosure mailing list postings.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables remote unauthenticated exploitation over the network to execute Shortcuts with administrative privileges without authorization, directly facilitating T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) to achieve full system compromise.