CVE-2025-43403
5.5 MEDIUMAn authorization issue was addressed with improved state management
Published: 2026-02-11 · Last updated: 2026-05-26
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- CWE
- CWE-285
Affected products
| Vendor | Product |
|---|---|
| apple | macos |
Description
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An app may be able to access sensitive user data.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-43403
- [Other]https://support.apple.com/en-us/125110
- [Vendor advisory]https://support.apple.com/en-us/126349
- [Vendor advisory]https://support.apple.com/en-us/126350
Related CVEs
Same vendor
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2025-46308 — An authorization issue was addressed with improved state management (5.3 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
- CVE-2025-43339 — An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)
Same CWE
- CVE-2026-12213 — A vulnerability was found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12204 — A vulnerability was determined in ShopXO up to 6.7.1 (7.3 HIGH)
- CVE-2026-12190 — A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android (5.3 MEDIUM)
- CVE-2026-12189 — A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android (5.3 MEDIUM)
- CVE-2026-49397 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (5.3 MEDIUM)