macOS
CVE-2025-43273
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.8. A sandboxed process may be able to circumvent sandbox restrictions.
AnalysisAI
Sandbox escape in macOS Sequoia 15.x and Sonoma 14.x allows sandboxed processes to bypass security restrictions and access high-value confidential data or modify system integrity without authentication. Patched in macOS Sequoia 15.6 and macOS Sonoma 14.8. EPSS exploitation probability is low (0.05%, 16th percentile), and no public exploit identified at time of analysis, though the CVSS 9.1 rating reflects the severe theoretical impact of compromised sandbox isolation-a critical security boundary in macOS architecture.
Technical ContextAI
This vulnerability affects the macOS sandbox framework, which implements mandatory access control to restrict application capabilities and isolate processes from system resources. The sandbox operates as a kernel-level enforcement mechanism that limits file system access, network operations, and inter-process communication based on defined security profiles. The root cause falls under CWE-693 (Protection Mechanism Failure), indicating the sandbox's permission model contained weaknesses that allowed restricted operations to succeed despite policy constraints. Apple's sandbox relies on TrustedBSD MAC framework extensions and SBPL (Sandbox Profile Language) rules to enforce application-specific restrictions. This permissions issue allowed processes to perform actions outside their designated security profiles, undermining the defense-in-depth posture where sandbox serves as a containment layer even when application-level vulnerabilities exist. The CPE identifier indicates all macOS deployments prior to the specified fix versions were vulnerable, spanning both consumer and enterprise environments running Sequoia or Sonoma release families.
RemediationAI
Apply vendor-released patches immediately: upgrade macOS Sequoia systems to version 15.6 or later, and macOS Sonoma systems to version 14.8 or later. Updates are distributed through System Preferences > Software Update or via Apple Software Update Service for enterprise environments using Mobile Device Management solutions. Apple's security advisories are available at https://support.apple.com/en-us/124149 and https://support.apple.com/en-us/125112 with detailed update instructions and build identifiers. For enterprise deployments requiring staged rollout, prioritize systems processing untrusted content through sandboxed applications such as web browsers, email clients, and document viewers. No effective workarounds exist for sandbox architecture vulnerabilities-patching is the only remediation path. Verify successful update installation by checking system version in About This Mac and confirming build numbers match Apple's security bulletin specifications.
An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authent
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environmen
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no auth
This issue was addressed with improved checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely explo
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data t
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today