CVE-2025-43249

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/124149	Release Notes Vendor Advisory
https://support.apple.com/en-us/124150	Release Notes Vendor Advisory
https://support.apple.com/en-us/124151	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/34

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2025-07-30 00:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-43249

Mitre link : CVE-2025-43249

CVE.ORG link : CVE-2025-43249

JSON object : View

Products Affected

apple

macos

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2025-43249", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-07-30T00:15:36.740", "references": [{"url": "https://support.apple.com/en-us/124149", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124150", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124151", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/33", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/34", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges."}, {"lang": "es", "value": "Se solucion\u00f3 un problema l\u00f3gico mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Sequoia 15.6, macOS Sonoma 14.7.7 y macOS Ventura 13.7.7. Es posible que una aplicaci\u00f3n obtenga privilegios de root."}], "lastModified": "2025-11-03T20:18:57.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32DF9916-8A45-426F-BA36-FC73FD668828", "versionEndExcluding": "13.7.7"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F043DE0-C517-463D-9693-53789EB6132D", "versionEndExcluding": "14.7.7", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF17CE2-DB4B-48D1-81AF-67EF1EC7BB45", "versionEndExcluding": "15.6", "versionStartIncluding": "15.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}