CVE-2025-43278

5.5 MEDIUM

This issue was addressed with improved handling of symlinks

Published: 2026-06-11 · Last updated: 2026-06-12

Severity and scoring

CVSS: 5.5 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-61

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-54420 — LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with ... (8.5 HIGH)
CVE-2026-42306 — Moby is an open source container framework (7.2 HIGH)
CVE-2026-5223 — Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to overrid... (5.3 MEDIUM)
CVE-2026-8784 — A vulnerability was detected in npitre cramfs-tools up to 2.2 (4.2 MEDIUM)
CVE-2026-6475 — Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g (8.8 HIGH)