Skip to main content

Apple EUVDEUVD-2025-209195

| CVE-2025-43236 LOW
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-04-02 apple GHSA-whc4-7qg7-64gg
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
15.6,14.7.7,13.7.7
EUVD ID Assigned
Apr 02, 2026 - 19:01 euvd
EUVD-2025-209195
Analysis Generated
Apr 02, 2026 - 19:01 vuln.today
CVE Published
Apr 02, 2026 - 18:27 nvd
LOW 3.3

DescriptionCVE.org

A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.

AnalysisAI

Type confusion in macOS memory handling allows local attackers to cause unexpected app termination through crafted user interaction, affecting macOS Sequoia before 15.6, Sonoma before 14.7.7, and Ventura before 13.7.7. With a CVSS score of 3.3 and SSVC exploitation status of 'none', this represents a low-severity local denial-of-service condition requiring user interaction; no public exploit code or active exploitation has been identified.

Technical ContextAI

The vulnerability stems from a type confusion weakness (CWE-843) in macOS memory handling routines. Type confusion occurs when an object is treated as a different data type than its actual type, leading to incorrect memory access patterns and potential memory corruption. The affected component is embedded across multiple macOS versions (Sequoia, Sonoma, Ventura) and impacts the general macOS operating system rather than a discrete application. The fix involved improved memory handling and type safety enforcement, though specific implementation details were not disclosed by Apple.

RemediationAI

Users of affected macOS versions must apply the vendor-released security updates: upgrade macOS Sequoia to 15.6 or later, macOS Sonoma to 14.7.7 or later, or macOS Ventura to 13.7.7 or later. These versions incorporate improved memory handling and type confusion mitigation. No workarounds for the underlying type confusion are available; patch deployment is the primary remediation path. Detailed update instructions are available in Apple's official security bulletins at https://support.apple.com/en-us/124149 (Sequoia), https://support.apple.com/en-us/124150 (Sonoma), and https://support.apple.com/en-us/124151 (Ventura).

Share

EUVD-2025-209195 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy