Skip to main content

Apple CVE-2025-43257

| EUVDEUVD-2025-209197 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-04-02 apple GHSA-56pf-93rp-5vq3
8.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:08 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
15.6
EUVD ID Assigned
Apr 02, 2026 - 19:01 euvd
EUVD-2025-209197
Analysis Generated
Apr 02, 2026 - 19:01 vuln.today
CVE Published
Apr 02, 2026 - 18:25 nvd
HIGH 8.7

DescriptionCVE.org

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.

AnalysisAI

Sandbox escape in macOS Sequoia prior to 15.6 allows local applications with low privileges to break containment via symlink manipulation, potentially accessing restricted system resources and user data. Apple resolved this via improved symlink handling in macOS 15.6. CVSS score of 8.7 reflects high confidentiality and integrity impact with scope change. No public exploit identified at time of analysis, though SSVC framework indicates partial technical impact with no current exploitation evidence.

Technical ContextAI

This vulnerability stems from improper handling of symbolic links (CWE-59: Improper Link Resolution Before File Access), commonly known as a symlink following or time-of-check-time-of-use vulnerability. macOS employs App Sandbox as a mandatory access control mechanism to restrict application capabilities and file system access. Applications with low privileges (PR:L in CVSS vector) can craft malicious symlinks that, when resolved by the operating system, redirect file operations outside the intended sandbox boundary. The vulnerability affects macOS Sequoia versions prior to 15.6, as indicated by CPE string cpe:2.3:a:apple:macos and EUVD affected version range. Symlink vulnerabilities in sandboxed environments are particularly critical because they undermine the fundamental security architecture separating untrusted applications from sensitive system resources, enabling privilege escalation and unauthorized data access across security domains.

RemediationAI

Update macOS Sequoia to version 15.6 or later, which contains improved symlink handling mechanisms that prevent sandbox escape. Apple released this security update as documented in HT124149 security advisory at https://support.apple.com/en-us/124149. Users should apply updates through System Settings > General > Software Update or via enterprise deployment tools for managed environments. No workarounds are available for this vulnerability; patching to version 15.6 is the only effective remediation. Organizations should prioritize deployment to systems running untrusted or third-party applications where sandbox integrity is critical for security posture. Verify successful update by confirming macOS version 15.6 or higher in About This Mac system information.

Share

CVE-2025-43257 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy