CVE-2025-43524

high

Published 2026-05-11 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2

—

VIR risk

8.8

Description

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.

Predictions

Exploit likelihood

82%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: product-security@apple.com — https://support.apple.com/en-us/125886

vendor Authored 2026-05-27

Vendor advisory: apple — https://support.apple.com/en-us/127117

vendor Authored 2026-05-27

Vendor advisory: apple — https://support.apple.com/en-us/127116

OS impact

OS	Version	Status	Fixed in
macos	15.7.7	fixed
macos	14.8.7	fixed
macos		affected	`14.8.7`

References

https://support.apple.com/en-us/127116
https://support.apple.com/en-us/127117
https://support.apple.com/en-us/125886

CWEs

CWE-284

Verify integrity in audit chain (admin only). AS-IS.