CVE-2025-43482

MEDIUM 5.5 (CVSS 3.1)
2025-12-12

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 - 19:37 (vuln.today)
CVE Published: Dec 12, 2025 - 21:15 (nvd), MEDIUM 5.5

Description

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service.

Analysis

Denial-of-service vulnerability in Apple macOS allows local authenticated applications to crash the system or specific services through improper input validation. Affects macOS Sequoia (before 15.7.3), Sonoma (before 14.8.3), and Tahoe (before 26.2). Attack requires local access and low privileges but no user interaction; however, real-world risk is minimal with EPSS probability of 0.02% and no public exploit identified.

Technical Context

The vulnerability stems from insufficient input validation (CWE-20) in macOS kernel or system services. An unprivileged local application can trigger a denial-of-service condition by sending specially crafted input that bypasses validation checks, leading to a crash or resource exhaustion. The affected component processes input from applications running on the same system; the local attack vector and low complexity indicate the flaw is likely in a commonly invoked system API or IPC mechanism that does not adequately sanitize parameters before use in a sensitive operation.

Affected Products

Apple macOS across multiple versions: macOS Sequoia versions prior to 15.7.3, macOS Sonoma versions prior to 14.8.3, and macOS Tahoe versions prior to 26.2. Exact version ranges are not independently specified but correspond to major releases identified in the Apple security advisories (https://support.apple.com/en-us/125886, https://support.apple.com/en-us/125887, https://support.apple.com/en-us/125888). CPE identifiers indicate all configurations of macOS are potentially affected across the identified versions.

Remediation

Install the vendor-released security updates immediately: macOS Sequoia 15.7.3 or later, macOS Sonoma 14.8.3 or later, or macOS Tahoe 26.2 or later. Users should enable automatic security updates through System Settings > General > Software Update to ensure patches are applied without delay. No workarounds are documented; patching is the primary remediation. Refer to Apple's official security advisories at https://support.apple.com/en-us/125886, https://support.apple.com/en-us/125887, and https://support.apple.com/en-us/125888 for detailed update instructions and affected hardware models.
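To confirm a host is at or past the fixed release for its macOS line, the check below compares a version string numerically against the three fixed versions listed above. It is an added example, not code from Apple or vuln.today; the function names `ver_ge` and `classify_macos` and the `not-listed` result (used for any release this page does not name) are assumptions of the example.

```shell
#!/bin/sh
# Added example: classify a macOS version against the fixed releases this
# page lists for CVE-2025-43482. Function names are hypothetical.

# ver_ge A B: succeed when dotted version A >= B, comparing each field
# numerically (so 15.10 > 15.7) and treating missing fields as 0.
ver_ge() {
    a_rest=$1
    b_rest=$2
    while [ -n "$a_rest" ] || [ -n "$b_rest" ]; do
        a=${a_rest%%.*}
        b=${b_rest%%.*}
        case $a_rest in *.*) a_rest=${a_rest#*.} ;; *) a_rest= ;; esac
        case $b_rest in *.*) b_rest=${b_rest#*.} ;; *) b_rest= ;; esac
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

# classify_macos VERSION: print patched, vulnerable, or not-listed.
classify_macos() {
    v=$1
    # Reject anything that is not a plain dotted-decimal version.
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo "not-listed"; return 0 ;;
    esac
    case ${v%%.*} in
        14) fixed=14.8.3 ;;   # macOS Sonoma
        15) fixed=15.7.3 ;;   # macOS Sequoia
        26) fixed=26.2 ;;     # macOS Tahoe
        *)  echo "not-listed"; return 0 ;;  # page names no fix for this line
    esac
    if ver_ge "$v" "$fixed"; then echo "patched"; else echo "vulnerable"; fi
}

# On a Mac, report the local host; on other systems this step is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    host_version=$(sw_vers -productVersion)
    echo "$host_version: $(classify_macos "$host_version")"
fi
```

For a fleet, feed `classify_macos` the version column of an inventory export instead of the local `sw_vers` output.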

Priority Score

28
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0
