CVE-2025-43236

EUVD-2025-209195 | LOW | 2026-04-02 | apple | GHSA-whc4-7qg7-64gg
CVSS 3.1 score: 3.3

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 - 19:01 (vuln.today)
EUVD ID Assigned: Apr 02, 2026 - 19:01 (euvd), EUVD-2025-209195
CVE Published: Apr 02, 2026 - 18:27 (nvd), LOW 3.3

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.

Analysis

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Technical Context

The vulnerability stems from a type confusion weakness (CWE-843) in macOS memory handling routines. Type confusion occurs when an object is treated as a different data type than its actual type, leading to incorrect memory access patterns and potential memory corruption. The affected component is embedded across multiple macOS versions (Sequoia, Sonoma, Ventura) and impacts the general macOS operating system rather than a discrete application. The fix involved improved memory handling and type safety enforcement, though specific implementation details were not disclosed by Apple.

Affected Products

Apple macOS across three major versions is affected: macOS Sequoia (all versions below 15.6), macOS Sonoma (all versions below 14.7.7), and macOS Ventura (all versions below 13.7.7). The CPE notation cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:* reflects the broad applicability across macOS installations. The version ranges in the ENISA EUVD data start at version 0 and run up to, but do not include, the specified patch release for each of the three supported major versions.

Remediation

Users of affected macOS versions must apply the vendor-released security updates: upgrade macOS Sequoia to 15.6 or later, macOS Sonoma to 14.7.7 or later, or macOS Ventura to 13.7.7 or later. These versions incorporate improved memory handling and type confusion mitigation. No workarounds for the underlying type confusion are available; patch deployment is the primary remediation path. Detailed update instructions are available in Apple's official security bulletins at https://support.apple.com/en-us/124149 (Sequoia), https://support.apple.com/en-us/124150 (Sonoma), and https://support.apple.com/en-us/124151 (Ventura).
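One way to check hosts against the fixed releases named above, as an added example that is not part of the advisory or any Apple tooling. The function names and the inventory lines are hypothetical and constructed for illustration; only the three fixed version numbers come from this page.

```shell
#!/bin/sh
# Added example: fixed releases are from the advisory; hosts below are constructed.

# ver_ge A B: succeed when dotted version A >= B, comparing numerically
# field by field (missing fields count as 0, so 14.7 < 14.7.7 and 13.7.10 > 13.7.7).
ver_ge() {
    a_rest=$1; b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}; b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a:-0}; b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# status_for VERSION: classify one macOS product version against the advisory.
status_for() {
    v=$1
    case $v in ''|.*|*[!0-9.]*) echo INVALID; return 0 ;; esac
    case ${v%%.*} in
        15) fixed=15.6 ;;      # Sequoia
        14) fixed=14.7.7 ;;    # Sonoma
        13) fixed=13.7.7 ;;    # Ventura
        *)  echo NOT_LISTED; return 0 ;;   # major release the advisory does not name
    esac
    if ver_ge "$v" "$fixed"; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_inventory: read "host version" lines on stdin, append the status.
audit_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(status_for "$ver")"
    done
}

# Constructed inventory; on a live Mac use: status_for "$(sw_vers -productVersion)"
audit_inventory <<'EOF'
mac-001 15.5
mac-002 15.6
mac-003 14.7
mac-004 13.7.10
mac-005 12.7.6
EOF
```

NOT_LISTED marks major releases outside the three this advisory names, which need a separate check against their own support status.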

Priority Score

17

KEV: 0
EPSS: +0.0
CVSS: +16
POC: 0
