CVE-2025-43198 | This issue was addressed by removing the vulnerable code. Th… | CVSS 9.8 CRITICAL

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access protected user data.

Metadata

CVE ID: CVE-2025-43198
State: PUBLISHED
Assigner: apple
Reserved: 2025-04-16 15:24 UTC
Published: 2025-07-29 23:35 UTC
Last updated: 2026-04-02 18:14 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: Apple / macOS
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Apple	macOS	—	0 < 14.7.7, 0 < 15.6

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to access protected user data
CWE-284	adp	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)