CVE-2025-43194 | The issue was addressed with improved checks. This issue is … | CVSS 9.8 CRITICAL

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system.

Metadata

CVE ID: CVE-2025-43194
State: PUBLISHED
Assigner: apple
Reserved: 2025-04-16 15:24 UTC
Published: 2025-07-29 23:35 UTC
Last updated: 2026-04-02 18:13 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: Apple / macOS
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Apple	macOS	—	0 < 13.7.7, 0 < 14.7.7, 0 < 15.6

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to modify protected parts of the file system
CWE-284	adp	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)