CVE-2025-43527

HIGH
2025-12-12 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Apr 02, 2026 - 19:37 vuln.today
CVE Published
Dec 12, 2025 - 21:15 nvd
HIGH 7.8

Tags

Apple macOS Privilege Escalation

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges.

Analysis

Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.

Technical Context

This vulnerability stems from CWE-280 (Improper Handling of Insufficient Permissions or Privileges), indicating that the operating system failed to properly enforce permission boundaries between low-privileged user contexts and root-level system resources. The affected component is the core macOS permission framework present in both the current Sequoia branch (15.x) and the newer Tahoe release (26.x). Apple's fix involved adding additional restrictions to the permissions model, suggesting the original implementation either granted excessive default permissions to applications or failed to validate privilege boundaries during certain system operations. The vulnerability affects the macOS kernel or system framework layer where privilege separation is enforced, allowing applications running in user space to bypass intended security boundaries and execute code with superuser privileges.

Affected Products

The vulnerability affects Apple macOS Sequoia versions prior to 15.7.3 and macOS Tahoe versions prior to 26.2, matching CPE identifier cpe:2.3:o:apple:macos. Both mainstream and latest-generation macOS releases contain the permissions handling flaw. Apple's support advisories at https://support.apple.com/en-us/125886 and https://support.apple.com/en-us/125887 provide detailed affected version information and confirm the scope encompasses enterprise and consumer deployments running unfixed versions of these operating system branches.

Remediation

Vendor-released patch: macOS Sequoia 15.7.3 and macOS Tahoe 26.2. Organizations should prioritize updating all macOS endpoints to these fixed versions through standard enterprise patch management workflows. Apply updates via System Settings > General > Software Update for individual systems, or deploy through Mobile Device Management (MDM) solutions such as Jamf Pro or Kandji for enterprise environments. Full advisory and update instructions are available at https://support.apple.com/en-us/125886 and https://support.apple.com/en-us/125887. No workarounds have been published; patching is the only effective remediation. Given the local attack vector, compensating controls such as restricting user application installation privileges and monitoring for suspicious privilege escalation attempts via Endpoint Detection and Response (EDR) solutions can provide interim risk reduction while patches are deployed.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Share

CVE-2025-43527 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy