CVE-2025-43521
Severity: MEDIUM (CVSS 3.1 base score 5.5)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Description
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data.
Analysis
This is a local information-disclosure issue on Intel-based Macs, not a privilege escalation: the CVSS vector scores a high confidentiality impact with no integrity or availability impact, and Apple's own wording is that an app may be able to access sensitive user data. A malicious app has to be run by the user (UI:R), but it needs no prior privileges (PR:N). Affected releases are macOS Sequoia before 15.7.3 and macOS Tahoe before 26.2. The only root-cause detail Apple publishes is that the fix adds code-signing restrictions. Exploitation likelihood is rated very low (EPSS 0.01%) despite the moderate CVSS score, and no active exploitation or public exploit code has been reported.
Technical Context
The weakness is catalogued as CWE-347 (Improper Verification of Cryptographic Signature), and Apple scopes it to Intel-based Mac computers. Code signing is a core macOS security control: the system validates an executable's signature before it runs and before it is granted the entitlements and data access that the signature and its signer vouch for. Apple's phrase "a downgrade issue ... addressed with additional code-signing restrictions" indicates that some validation path on Intel-based Macs accepted a weaker or older form of signing than current policy requires, and that the fix narrows what is accepted so an app can no longer fall back to that weaker check. Apple has not published the specific mechanism, so anything more precise than that is speculation. The JWT (JSON Web Token) tag that some feeds attach to this entry is a generic association with CWE-347, which also covers JWT signature bugs; JSON Web Tokens play no part in macOS code signing and the tag should be disregarded.
Affected Products
Apple macOS on Intel-based Mac computers: macOS Sequoia (all versions before 15.7.3) and macOS Tahoe (all versions before 26.2). The CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* is broader than the real scope, so inventory tooling keyed on the CPE alone will also flag Apple Silicon machines; Apple's description limits the issue to Intel-based Macs and gives no reason for the limit, so the Apple Silicon exclusion is Apple's stated scope rather than an established microarchitectural fact. Apple's advisories are at https://support.apple.com/en-us/125886 and https://support.apple.com/en-us/125887.
Remediation
Vendor patches are available: upgrade Intel-based Macs on macOS Sequoia to 15.7.3 or later and those on macOS Tahoe to 26.2 or later. Both releases add the code-signing restrictions that close the downgrade path. Apple Silicon Macs are outside Apple's stated scope for this CVE and need no action for it. Enable automatic macOS updates, or install the update manually through System Settings > General > Software Update. To verify, compare the installed version shown under About This Mac (or printed by sw_vers -productVersion in a terminal) against the fixed release for that macOS line; a version check that ignores the Intel/Apple Silicon distinction will over-report on fleet inventories.
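The following is an added example, not code from Apple or from this page, showing how a fleet or host check for this CVE can be scripted. The fixed releases (Sequoia 15.7.3, Tahoe 26.2) are taken from Apple's description; the function names, the use of the hw.optional.arm64 sysctl to distinguish Apple Silicon from Intel, and the treatment of release lines Apple does not list are this example's own assumptions.

```shell
#!/bin/sh
# Added example for CVE-2025-43521: gate on macOS version and CPU family.
# Not Apple's or vuln.today's code. Fixed versions come from Apple's
# description; function names and the sysctl check are this example's choices.

# Fixed release for a macOS major line, or empty if Apple does not list
# that line as affected by this CVE.
fixed_version_for() {
    case "$1" in
        15) echo "15.7.3" ;;   # macOS Sequoia
        26) echo "26.2"   ;;   # macOS Tahoe
        *)  echo ""       ;;
    esac
}

# version_ge A B: exit 0 if dotted version A >= B, comparing each component
# as an integer; a missing component counts as 0 (so 26.2 equals 26.2.0).
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0};  y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# is_patched VERSION: 0 if VERSION is at or past the fixed release for its
# major line, 1 if it is an affected version, 2 if Apple lists no fix for
# that line (neither Sequoia nor Tahoe), which needs a human decision.
is_patched() {
    fixed=$(fixed_version_for "${1%%.*}")
    if [ -z "$fixed" ]; then return 2; fi
    version_ge "$1" "$fixed"
}

# check_this_mac: run on the Mac itself. Assumption: hw.optional.arm64 reads 1
# on Apple Silicon (including inside Rosetta) and is absent on Intel Macs,
# which is why it is preferred over uname -m here.
check_this_mac() {
    if [ "$(sysctl -n hw.optional.arm64 2>/dev/null)" = "1" ]; then
        echo "Apple Silicon Mac: CVE-2025-43521 not applicable"
        return 0
    fi
    ver=$(sw_vers -productVersion)
    rc=0; is_patched "$ver" || rc=$?
    case "$rc" in
        0) echo "macOS $ver: patched for CVE-2025-43521" ;;
        1) echo "macOS $ver: AFFECTED, update to $(fixed_version_for "${ver%%.*}") or later"
           return 1 ;;
        *) echo "macOS $ver: line not listed by Apple for this CVE; check the advisory" ;;
    esac
}

# With --check the script inspects the current machine; without it only the
# functions are defined, so the file can be sourced by other tooling.
if [ "${1:-}" = "--check" ]; then
    check_this_mac
fi
```

Run it as sh check.sh --check on the Mac under test; a non-zero exit marks an affected Intel Mac. The version comparison is kept separate from the host probe so the same logic can be fed version strings collected by an MDM or inventory export.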