CVE-2025-43256

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43256

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

T

his issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to gain root privileges.

References
Link Resource
https://support.apple.com/en-us/124149 Release Notes Vendor Advisory
https://support.apple.com/en-us/124150 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/33
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
History

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Jul/32 -
  • () http://seclists.org/fulldisclosure/2025/Jul/33 -

31 Jul 2025, 21:03

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-30 00:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-43256

Mitre link : CVE-2025-43256

CVE.ORG link : CVE-2025-43256

JSON object : View

Products Affected

apple

CWE
CWE-269

Improper Privilege Management