CVE-2025-43289

medium

Published 2026-05-26 · Modified 2026-05-27

CVSS v3

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

—

VIR risk

5.5

Description

A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data.

Predictions

Exploit likelihood

55%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/en-us/125112

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/en-us/125111

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/en-us/125110

OS impact

OS	Version	Status	Fixed in
macos		affected	`14.8`

References

https://support.apple.com/en-us/125110
https://support.apple.com/en-us/125111
https://support.apple.com/en-us/125112

CWEs

CWE-285

Verify integrity in audit chain (admin only). AS-IS.