EUVD-2025-209196 (CVE-2025-43238)

Severity: MEDIUM, CVSS 3.1 base score 6.2
Published: 2026-04-02
Vendor: apple
Reference: GHSA-6qw7-vfjm-2g92

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 19:01 (vuln.today)
EUVD ID Assigned: Apr 02, 2026 19:01 (euvd), EUVD-2025-209196
CVE Published: Apr 02, 2026 18:09 (nvd), MEDIUM 6.2

Description

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

Analysis

An integer overflow in macOS lets a local application cause unexpected system termination, Apple's usual wording for a kernel panic. The impact is denial of service only: the vector scores C:N/I:N/A:H, so no data exposure or code execution is claimed. AV:L with PR:N and UI:N means the only precondition is code already running on the machine; no elevated privileges and no user interaction are needed, so any installed app can trigger the crash. Apple fixed the issue in macOS Sequoia 15.6, Sonoma 14.7.7 and Ventura 13.7.7. No public exploit code or active exploitation had been reported at the time of analysis, consistent with the KEV and POC indicators below.

Technical Context

The root cause is an integer overflow (CWE-190). Apple's fix note, "improved input validation", is its standard phrasing for a bounds check that was applied to a value that could wrap: when an arithmetic operation on a fixed-width integer exceeds the largest value the type can hold, the result wraps to a small (or negative) number, a subsequent size or length check accepts that wrapped value, and the code that trusts the check then operates on the original, unwrapped quantity. The CVE description does not name the affected component; the impact, a system termination reachable from an unprivileged app according to the CVSS vector, points at kernel-reachable code rather than a user-space library. The CPE ranges (13.x below 13.7.7, 14.x below 14.7.7, 15.x below 15.6) show that the same flawed code shipped in all three macOS release branches Apple was supporting at the time.
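The pattern described above, as an added illustration: the check below is hypothetical code written for this page, not Apple's, since the affected macOS component is not named in the CVE. ELEM_SIZE and BUF_SIZE are made-up parameters, and 32-bit arithmetic is used so the wrap reproduces on any platform. The vulnerable form multiplies first and compares second; the two hardened forms refuse any count whose product cannot be represented before the comparison ever sees it.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical CWE-190 illustration added for this page; not Apple's code.
 * ELEM_SIZE and BUF_SIZE are assumed values for the demo. */
#define ELEM_SIZE 8u    /* bytes per element (assumed) */
#define BUF_SIZE  256u  /* capacity of the destination buffer (assumed) */

/* Vulnerable check: multiply first, compare second. For count values above
 * UINT32_MAX / ELEM_SIZE the product wraps modulo 2^32, the small wrapped
 * total passes the comparison, and a caller that later walks `count`
 * elements runs far past the 256-byte buffer. Returns 1 if accepted. */
int validate_count_vulnerable(uint32_t count)
{
    uint32_t total = count * ELEM_SIZE;   /* may wrap */
    return total <= BUF_SIZE;
}

/* Hardened check using the compiler's checked multiply (GCC and Clang,
 * the latter being Apple's toolchain): a product that does not fit is
 * rejected before any comparison can see a wrapped value. */
int validate_count_fixed(uint32_t count)
{
    uint32_t total;
    if (__builtin_mul_overflow(count, ELEM_SIZE, &total))
        return 0;                          /* product does not fit */
    return total <= BUF_SIZE;
}

/* Portable equivalent: bound the operand by division instead of
 * trusting the product. */
int validate_count_portable(uint32_t count)
{
    if (count > UINT32_MAX / ELEM_SIZE)
        return 0;
    return count * ELEM_SIZE <= BUF_SIZE;
}

/* A count whose product wraps to a non-zero value that still passes the
 * size test: 0x20000001 * 8 = 0x100000008, which is 8 in 32-bit
 * arithmetic. */
uint32_t wrapping_count(void)
{
    return 0x20000001u;
}

int main(void)
{
    uint32_t bad = wrapping_count();
    printf("count=0x%x really needs %llu bytes, buffer holds %u\n", bad,
           (unsigned long long)bad * ELEM_SIZE, BUF_SIZE);
    printf("vulnerable check accepts: %d\n", validate_count_vulnerable(bad));
    printf("fixed check accepts:      %d\n", validate_count_fixed(bad));
    printf("portable check accepts:   %d\n", validate_count_portable(bad));
    return 0;
}
```

Compile with `cc -O2 demo.c` (optimisation does not remove the wrap, because unsigned overflow is well defined); the vulnerable check accepts a request that actually needs more than 4 GiB while both hardened checks reject it.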

Affected Products

macOS Ventura before 13.7.7, macOS Sonoma before 14.7.7 and macOS Sequoia before 15.6 are affected. The recorded CPE, cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*, covers every macOS variant in those version ranges; note that it uses the application part (a:) rather than the operating-system part (o:), so a scanner that matches only cpe:2.3:o:apple:macos entries will not find this record. Apple's security content for the three fixed releases is published at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150 and https://support.apple.com/en-us/124151, one document per release branch. The ENISA EUVD database catalogues the issue as EUVD-2025-209196.

Remediation

Install the fixed release for the branch in use without delay: macOS Ventura 13.7.7, macOS Sonoma 14.7.7 or macOS Sequoia 15.6, or any later version on that branch. The update replaces the overflowing arithmetic with improved input validation and is delivered through the standard Software Update mechanism (System Settings, or softwareupdate from the command line). No workaround exists; patching is the required mitigation. The installed version can be confirmed with sw_vers -productVersion. Apple's security content pages at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150 and https://support.apple.com/en-us/124151 carry the release-specific details and deployment guidance.
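A small fleet-check helper for the remediation above, added as an example and not taken from the advisory or from Apple: it decides whether a macOS version string is at or beyond the release that fixes CVE-2025-43238 on its branch, using the three thresholds stated on this page. Its input is what `sw_vers -productVersion` prints; the default sample version in main is constructed for the demo.

```c
#include <stdio.h>

/* Added example, not vendor code: compares a macOS version string against
 * the fixed releases named on this page (Ventura 13.7.7, Sonoma 14.7.7,
 * Sequoia 15.6). */
typedef struct {
    int major, minor, patch;
} macos_version;

/* Parse "15.6" or "14.7.7"; a missing patch component counts as 0.
 * Returns 1 on success, 0 if fewer than major.minor are present. */
int parse_macos_version(const char *s, macos_version *v)
{
    v->major = v->minor = v->patch = 0;
    return sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch) >= 2;
}

/* Component-wise numeric comparison; returns <0, 0 or >0. */
int compare_macos_version(macos_version a, macos_version b)
{
    if (a.major != b.major) return a.major - b.major;
    if (a.minor != b.minor) return a.minor - b.minor;
    return a.patch - b.patch;
}

/* 1 = fixed release or later on the same branch, 0 = affected,
 * -1 = branch not covered by this advisory or unparsable input. Releases
 * before 13 and after 15 are not listed here and need separate
 * confirmation from Apple's release notes. */
int cve_2025_43238_fixed(const char *version)
{
    static const macos_version fixed_in[] = {
        {13, 7, 7},  /* Ventura */
        {14, 7, 7},  /* Sonoma  */
        {15, 6, 0},  /* Sequoia */
    };
    macos_version v;
    if (!parse_macos_version(version, &v))
        return -1;
    for (size_t i = 0; i < sizeof fixed_in / sizeof fixed_in[0]; i++)
        if (fixed_in[i].major == v.major)
            return compare_macos_version(v, fixed_in[i]) >= 0;
    return -1;
}

int main(int argc, char **argv)
{
    /* Without an argument, check a constructed sample instead of the host. */
    const char *version = argc > 1 ? argv[1] : "14.7.6";
    int r = cve_2025_43238_fixed(version);
    printf("%s: %s\n", version,
           r == 1 ? "fixed" :
           r == 0 ? "AFFECTED, update required" :
                    "branch not covered by this advisory");
    return r == 1 ? 0 : 1;
}
```

On a Mac, run it against the live system with `./check "$(sw_vers -productVersion)"`; the non-zero exit status on affected or uncovered hosts makes it usable from an MDM or inventory script.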

Priority Score

31 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +31
POC: 0
