CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.8, High)
Description (NVD)
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges.
Analysis (AI)
Local privilege escalation in Apple macOS: a malicious app that is already running with low privileges (PR:L) can elevate to root by exploiting a logic flaw (improper privilege management) that Apple resolved with additional validation checks. The flaw affects macOS Sonoma before 14.8, macOS Sequoia before 15.7, and macOS Tahoe before 26, and was reported by Apple itself. No public exploit had been identified at the time of analysis, and neither an EPSS score nor a CISA KEV entry was provided, so there is no confirmed sign of active exploitation; the absence of those signals is not evidence that the bug is unexploited, only that nothing has been observed and published.
Technical Context (AI)
The affected component is Apple's macOS operating system (cpe:2.3:o:apple:macos), spanning the Sonoma, Sequoia, and Tahoe release trains. The root cause is classified as CWE-269 (Improper Privilege Management): a code path performed a privileged action, or trusted a caller- or state-derived value, without correctly enforcing the privilege boundary it should have. Apple's own characterization, "a logic issue addressed with improved checks", indicates a missing or insufficient authorization/validation check rather than a memory-corruption bug. The C:H/I:H/A:H impact in the CVSS vector reflects the outcome (root on the local system, hence full control of confidentiality, integrity and availability) rather than the bug class; logic flaws of this kind are typically deterministic to trigger, which is consistent with AC:L. Because scope is Unchanged (S:U), the vulnerable and impacted components are governed by the same security authority (the macOS kernel and its privileged services): the attacker gains root on the same host rather than crossing into a different authority such as a hypervisor, a separate guest, or another machine.
Remediation (AI)
Apply the vendor-released patch by upgrading to the fixed build for your installed train: macOS Sonoma 14.8, macOS Sequoia 15.7, or macOS Tahoe 26, as documented in Apple's advisories at https://support.apple.com/en-us/125110, https://support.apple.com/en-us/125111, and https://support.apple.com/en-us/125112. Releases not named in those advisories (for example macOS 13 Ventura) have no fixed build listed here; treat such hosts as unpatched unless Apple states otherwise, rather than assuming they are unaffected. No vendor-provided workaround is published. Because exploitation requires a malicious or compromised application already running locally, interim compensating controls should focus on reducing untrusted local code execution: keep Gatekeeper and System Integrity Protection enabled (disabling SIP would broaden, not reduce, exposure), restrict installation to apps from the App Store or identified developers, and limit the number of low-privilege local accounts that can run arbitrary software. These controls reduce the chance an attacker obtains the low-privilege local foothold the bug requires, but they do not remediate the flaw itself; patching is the only complete fix.
EUVD identifier: EUVD-2025-209938