
macOS CVE-2025-43240

Severity: MEDIUM (CVSS 3.1 base score 6.2)
Weakness: Improper Check or Handling of Exceptional Conditions (CWE-703)
Published: 2025-07-30, assigner product-security@apple.com

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch released: Apr 06, 2026 - 08:30 (nvd), patch available
Analysis Generated: Apr 02, 2026 - 19:37 (vuln.today)
CVE Published: Jul 30, 2025 - 00:15 (nvd)

Description (NVD)

A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated.

Analysis (AI-generated)

Safari and macOS contain a logic flaw in how a download's origin is recorded: a file may be attributed to a source other than the one it was actually fetched from, which can misrepresent file provenance to anyone inspecting the machine locally. Affected versions are Safari before 18.6 and macOS Sequoia before 15.6 (the description names 18.6 and 15.6 as the fixed releases). The CVSS vector models a local, unauthenticated attacker with no user interaction and a confidentiality-only impact (AV:L, PR:N, UI:N, C:H). Exploitation probability is low (EPSS 0.03%), and no active exploitation or public proof of concept had been reported at the time of analysis.

Technical Context (AI-generated)

NVD maps the issue to CWE-703 (Improper Check or Handling of Exceptional Conditions); Apple's own text describes it only as a logic issue addressed with improved checks. When a user downloads a file through Safari, the browser records the origin the download was initiated from (the page or domain) alongside the saved file. On macOS this provenance normally lives in extended attributes on the file itself, com.apple.quarantine (flags, timestamp, downloading agent) and com.apple.metadata:kMDItemWhereFroms (the source URLs), which Gatekeeper and the Finder's "Where from" field read. The flaw allows that recorded origin to be wrong, for example attributing a file fetched from one site to a different one. Apple has published no root-cause detail beyond the one-line description, so which code path mis-associates the origin, and whether the quarantine or where-from metadata is the one affected, is not known from public sources. Both Safari (CPE cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*) and macOS (CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*) are listed as affected because the fix shipped in both Safari 18.6 and macOS Sequoia 15.6; that the flaw sits in shared WebKit or system-level download coordination code is an inference from the advisory, not a stated fact.

Remediation (AI-generated)

Update to Safari 18.6 or later (the stand-alone Safari update for Macs still on macOS Sonoma or Ventura) and to macOS Sequoia 15.6 or later, which bundles the fixed Safari. Apple's release notes are at https://support.apple.com/en-us/124149 (Safari) and https://support.apple.com/en-us/124152 (macOS). There is no configuration workaround for the underlying logic flaw, so patching is the only reliable remediation. Where patching must wait, the useful compensating step is to audit the provenance metadata on downloaded files (the com.apple.quarantine and com.apple.metadata:kMDItemWhereFroms extended attributes, or the Finder "Where from" field) against an independent record of where the files were actually obtained; because the bug mis-assigns the recorded origin itself, the metadata cannot be trusted to be self-consistent and only a comparison with an external expectation will reveal a mismatch. Given the low EPSS score and the local, confidentiality-only impact, these updates can ride the regular maintenance cycle rather than an out-of-band emergency push, bearing in mind that the same Safari and macOS releases also fix other issues.
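An added example of the provenance audit described above. It is not code from the vuln.today page, from Apple, or from any project; it parses the two extended attributes macOS uses to record where a download came from and flags any recorded origin host that is not in an allow-list the auditor supplies. The sample attribute values are constructed here in the shape Safari writes, the allow-list hosts are hypothetical, and the live audit at the bottom shells out to the macOS xattr(1) tool, so that part only does anything on a Mac. The quarantine flag bits are shown as an integer without interpreting them.

```python
"""Audit the provenance metadata macOS attaches to downloaded files.

macOS records where a download came from in two extended attributes:
  com.apple.quarantine                    text: "flags;timestamp;agent;uuid"
  com.apple.metadata:kMDItemWhereFroms    binary plist: array of URL strings,
                                          conventionally [data URL, page URL]
The parsers are pure Python and run on any OS; the live audit uses xattr(1)
and is only meaningful on macOS.
"""
import plistlib
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path
from typing import Optional
from urllib.parse import urlsplit

QUARANTINE_XATTR = "com.apple.quarantine"
WHEREFROMS_XATTR = "com.apple.metadata:kMDItemWhereFroms"

# Constructed sample values in the shape Safari writes; not copied from a real Mac.
SAMPLE_QUARANTINE = "0083;66a1b2c3;Safari;9C0D2E4F-1A2B-4C3D-8E9F-0A1B2C3D4E5F"
SAMPLE_WHEREFROMS = plistlib.dumps(
    ["https://cdn.example.net/tool-1.2.pkg", "https://downloads.example.com/tool"],
    fmt=plistlib.FMT_BINARY,
)


def parse_quarantine(value: str) -> dict:
    """Split a com.apple.quarantine value into flags, UTC time, agent and UUID."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine attribute: {value!r}")
    return {
        "flags": int(parts[0], 16),
        "timestamp": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],
        "uuid": parts[3] if len(parts) > 3 else "",
    }


def parse_wherefroms(raw: bytes) -> list:
    """Decode the kMDItemWhereFroms binary plist into its list of URL strings."""
    urls = plistlib.loads(raw)
    if not isinstance(urls, list):
        raise ValueError("kMDItemWhereFroms is not a plist array")
    return [u for u in urls if isinstance(u, str)]


def host_of(url: str) -> str:
    """Lower-cased host of a URL, or '' for strings that carry no host."""
    return (urlsplit(url).hostname or "").lower()


def unexpected_origins(wherefroms: list, expected_hosts: set) -> list:
    """Recorded origin hosts absent from the auditor's expected set.

    expected_hosts is a hypothetical allow-list built from where you know the
    file was really fetched; a non-empty result is the kind of mismatch this
    CVE could leave behind.
    """
    expected = {h.lower() for h in expected_hosts}
    return sorted({host_of(u) for u in wherefroms} - expected)


def read_xattr(path: Path, name: str) -> Optional[bytes]:
    """Read one extended attribute via xattr(1) (macOS only); None if absent."""
    if sys.platform != "darwin":
        raise RuntimeError("live audit requires macOS xattr(1)")
    proc = subprocess.run(["xattr", "-px", name, str(path)],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        return None
    # "xattr -px" prints the raw bytes as whitespace-separated hex pairs.
    return bytes.fromhex("".join(proc.stdout.split()))


def audit_file(path: Path, expected_hosts: set) -> dict:
    """Collect provenance for one file and flag origins outside expected_hosts."""
    result = {"path": str(path), "quarantine": None, "wherefroms": [], "unexpected": []}
    q = read_xattr(path, QUARANTINE_XATTR)
    if q is not None:
        result["quarantine"] = parse_quarantine(q.decode("utf-8", "replace"))
    w = read_xattr(path, WHEREFROMS_XATTR)
    if w is not None:
        result["wherefroms"] = parse_wherefroms(w)
        result["unexpected"] = unexpected_origins(result["wherefroms"], expected_hosts)
    return result


if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print(parse_quarantine(SAMPLE_QUARANTINE))
    urls = parse_wherefroms(SAMPLE_WHEREFROMS)
    print(urls, unexpected_origins(urls, {"downloads.example.com"}))
    # On a Mac: audit ~/Downloads against a hypothetical allow-list.
    if sys.platform == "darwin":
        for f in Path.home().joinpath("Downloads").iterdir():
            r = audit_file(f, {"downloads.example.com", "cdn.example.net"})
            if r["unexpected"]:
                print("MISMATCH", r["path"], r["unexpected"])
```

The allow-list has to come from outside the file (a download log, a ticket, the user's memory of which site they used), because a file whose origin was mis-assigned by this bug carries the wrong origin consistently in its own metadata. A mismatch is a lead to investigate, not proof of exploitation: legitimate downloads served from a CDN routinely have a data URL host different from the page host.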

Vendor Status (Vendor)

CVE-2025-43240 vulnerability details – vuln.today
