CVE-2025-43274

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43274
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.

4.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/124149 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
History

31 Jul 2025, 21:25

Type Values Removed Values Added
References () https://support.apple.com/en-us/124149 - () https://support.apple.com/en-us/124149 - Release Notes, Vendor Advisory
First Time Apple
Apple macos
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

30 Jul 2025, 14:15

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema de privacidad eliminando el código vulnerable. Este problema se solucionó en macOS Sequoia 15.6. Un proceso en un entorno de pruebas podría eludir las restricciones del mismo.
CWE CWE-311
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.4

30 Jul 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-30 00:15

Updated : 2025-07-31 21:25

NVD link : CVE-2025-43274

Mitre link : CVE-2025-43274

CVE.ORG link : CVE-2025-43274

JSON object : View

Products Affected

apple

  • macos
CWE
CWE-311

Missing Encryption of Sensitive Data