Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
AnalysisAI
Out-of-bounds read in Apple macOS (all versions prior to macOS Tahoe 26) allows a locally authenticated, low-privileged application to trigger unexpected system termination, constituting a local denial-of-service condition. The root cause is insufficient bounds checking in a macOS component, addressed by Apple in macOS Tahoe 26. No public exploit code exists and this vulnerability is not listed in CISA KEV, though a vendor-confirmed patch is available.
Technical ContextAI
CWE-125 (Out-of-Bounds Read) describes a condition where software reads data past the end or before the beginning of an intended buffer. In this case, a macOS component fails to validate memory access boundaries before reading, allowing a local application to cause the operating system to access invalid memory regions. The CPE string cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:* confirms the vulnerability affects the Apple macOS application layer broadly across all versions prior to Tahoe 26. Apple's remediation - improved bounds checking - is the standard mitigation for CWE-125 class vulnerabilities. Notably, the assigned tags include 'Information Disclosure,' which conflicts with the CVSS vector's C:N (no confidentiality impact); the primary and confirmed impact is availability loss via system termination, and the information disclosure characterization is not independently supported by available data.
RemediationAI
The primary remediation is to upgrade to macOS Tahoe 26, which Apple confirms resolves this issue via improved bounds checking. Refer to the Apple security advisory at https://support.apple.com/en-us/125110 for update instructions. No workarounds are documented by the vendor. If immediate upgrade is not feasible in managed environments, restricting the execution of untrusted third-party applications via macOS Gatekeeper, MDM application allow-listing, or System Integrity Protection (SIP) policies can reduce exposure by limiting which apps can trigger the vulnerable code path, though these controls are compensating measures and do not eliminate the underlying vulnerability.
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209942