CVE-2025-43278 | This issue was addressed with improved handling of symlinks.… | CVSS 5.5 MEDIUM

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Metadata

CVE ID: CVE-2025-43278
State: PUBLISHED
Assigner: apple
Reserved: 2025-04-16 15:24 UTC
Published: 2026-06-11 18:47 UTC
Last updated: 2026-06-12 21:22 UTC
Primary CWE: CWE-61
CWE-61 UNIX Symbolic Link (Symlink) Following
Vendor / Product: Apple / macOS
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Apple	macOS	—	0 < 15.4

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to access protected user data
CWE-61	adp	CWE-61 UNIX Symbolic Link (Symlink) Following

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References (1)

https://support.apple.com/en-us/122373