CVE-2025-43290
5.5 MEDIUM
A permissions issue was addressed with additional restrictions
Published: 2026-05-26 · Last updated: 2026-05-27
Severity and scoring
- CVSS: 5.5 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- CWE: CWE-732
Affected products
| Vendor | Product |
|---|---|
| apple | macos |
Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file system.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-43290)
- [Vendor advisory](https://support.apple.com/en-us/125110)
- [Vendor advisory](https://support.apple.com/en-us/125111)
- [Vendor advisory](https://support.apple.com/en-us/125112)
Related CVEs
Same vendor
- CVE-2025-46307 — A logic issue was addressed with improved restrictions (5.5 MEDIUM)
- CVE-2025-46284 — A race condition was addressed with additional validation (7.0 HIGH)
- CVE-2025-46280 — An out-of-bounds read was addressed with improved bounds checking (5.5 MEDIUM)
- CVE-2025-43451 — A permissions issue was addressed by removing the vulnerable code (5.5 MEDIUM)
- CVE-2025-43306 — A logic issue was addressed with improved checks (7.8 HIGH)
Same CWE
- CVE-2026-0271 — A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to exec...
- CVE-2026-50570 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
- CVE-2026-26422 — clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation (8.4 HIGH)
- CVE-2026-50590 — In Mimecast Incydr before 2.6.0, arbitrary file access can occur (4.5 MEDIUM)
- CVE-2026-10997 — Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install... (6.5 MEDIUM)