CVE-2025-43463

MEDIUM
2025-12-12 [email protected]
5.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 02, 2026 - 19:37 vuln.today
CVE Published
Dec 12, 2025 - 21:15 nvd
MEDIUM 5.5

Tags

Apple macOS Path Traversal Information Disclosure

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data.

Analysis

Path traversal vulnerability in macOS directory path handling allows local apps with user privileges to read sensitive user data through improper path validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.1). EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite moderate CVSS severity.

Technical Context

The vulnerability stems from CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw. The macOS kernel or system libraries fail to properly validate and sanitize directory path inputs, allowing an app running with user privileges to construct paths that escape intended directory boundaries and access files outside its permitted scope. The fix involved implementing enhanced path validation logic across affected macOS versions to prevent directory traversal sequences (such as '../' chains) or symlink-based escapes from bypassing access controls.

Affected Products

Apple macOS is affected across three major versions: macOS Sequoia prior to version 15.7.3, macOS Sonoma prior to version 14.8.3, and macOS Tahoe prior to version 26.1. The CPE identifiers (cpe:2.3:o:apple:macos) cover the operating system across all configurations. Specific advisory references are available from Apple's security support pages (support.apple.com/en-us/125634, 125887, and 125888) detailing the exact version requirements for each macOS release line.

Remediation

Users should immediately update to patched versions: macOS Sequoia 15.7.3 or later, macOS Sonoma 14.8.3 or later, or macOS Tahoe 26.1 or later. No temporary workaround is documented; patching is the sole remediation path. Updates are available through System Preferences > Software Update or by visiting Apple's support pages (https://support.apple.com/en-us/125634, https://support.apple.com/en-us/125887, https://support.apple.com/en-us/125888). Users on unsupported macOS versions should consider upgrading to a currently maintained release.

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0

Share

CVE-2025-43463 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy