Skip to main content

macOS CVE-2025-43273

CRITICAL
Protection Mechanism Failure (CWE-693)
2025-07-30 product-security@apple.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 02, 2026 - 19:37 vuln.today
CVE Published
Jul 30, 2025 - 00:15 nvd
CRITICAL 9.1

DescriptionCVE.org

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions.

AnalysisAI

Sandbox escape in macOS Sequoia 15.x and Sonoma 14.x allows sandboxed processes to bypass security restrictions and access high-value confidential data or modify system integrity without authentication. Patched in macOS Sequoia 15.6 and macOS Sonoma 14.8. EPSS exploitation probability is low (0.05%, 16th percentile), and no public exploit identified at time of analysis, though the CVSS 9.1 rating reflects the severe theoretical impact of compromised sandbox isolation-a critical security boundary in macOS architecture.

Technical ContextAI

This vulnerability affects the macOS sandbox framework, which implements mandatory access control to restrict application capabilities and isolate processes from system resources. The sandbox operates as a kernel-level enforcement mechanism that limits file system access, network operations, and inter-process communication based on defined security profiles. The root cause falls under CWE-693 (Protection Mechanism Failure), indicating the sandbox's permission model contained weaknesses that allowed restricted operations to succeed despite policy constraints. Apple's sandbox relies on TrustedBSD MAC framework extensions and SBPL (Sandbox Profile Language) rules to enforce application-specific restrictions. This permissions issue allowed processes to perform actions outside their designated security profiles, undermining the defense-in-depth posture where sandbox serves as a containment layer even when application-level vulnerabilities exist. The CPE identifier indicates all macOS deployments prior to the specified fix versions were vulnerable, spanning both consumer and enterprise environments running Sequoia or Sonoma release families.

RemediationAI

Apply vendor-released patches immediately: upgrade macOS Sequoia systems to version 15.6 or later, and macOS Sonoma systems to version 14.8 or later. Updates are distributed through System Preferences > Software Update or via Apple Software Update Service for enterprise environments using Mobile Device Management solutions. Apple's security advisories are available at https://support.apple.com/en-us/124149 and https://support.apple.com/en-us/125112 with detailed update instructions and build identifiers. For enterprise deployments requiring staged rollout, prioritize systems processing untrusted content through sandboxed applications such as web browsers, email clients, and document viewers. No effective workarounds exist for sandbox architecture vulnerabilities-patching is the only remediation path. Verify successful update installation by checking system version in About This Mac and confirming build numbers match Apple's security bulletin specifications.

More in macOS

View all
CVE-2025-34089 CRITICAL POC
9.3 Jul 03

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope

CVE-2023-43000 HIGH POC
8.8 Nov 05

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability

CVE-2026-20700 HIGH POC
7.8 Feb 11

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

CVE-2022-48618 HIGH
7.0 Jan 09

The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)

CVE-2024-27822 HIGH POC
7.8 May 14

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2023-22809 HIGH POC
7.8 Jan 18

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen

CVE-2022-46689 HIGH POC
7.0 Dec 15

A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth

CVE-2022-32845 CRITICAL POC
10.0 Sep 23

This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo

CVE-2022-32221 CRITICAL POC
9.8 Dec 05

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t

CVE-2022-32207 CRITICAL POC
9.8 Jul 07

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the

Share

CVE-2025-43273 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy