CVE-2025-43285: Buffer Overflow
Published Sep 15, 2025
·Updated
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Credit
ABC Research s.r.o., Mickey Jin@@patch1t, Csaba Fitzl@@theevilbit(Kandji), Nolan Astrein(Kandji), Zhongquan Li@@Guluisacat, Bilal Siddiqui, @@zlluny(Trend Zero Day Initiative), an anonymous researcher, Wang Yu(Cyberserval), Keisuke Hosoda, Viktor Oreshkin, Nathaniel Oh@@calysteon, Hikerell (Loadshine Lab), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Dawuge(Shuffle Team), LFY@@secsys(Fudan University), CVE-2025-40909, CVE-2024-27280, Ye Zhang(Baidu Security), pattern-f@@pattern_F_, @@zlluny, 정답이 아닌 해답, Noah Gregory (wts.dev), Justin Elliot Fu, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Google's Threat Analysis Group, Seo Hyun-gyu@@wh1te4ever, Minghao Lin@@Y1nKoc, 风 (binaryfmyy), BochengXiang@@Crispr, YingQi Shi@@Mas0nShi, Dora Orak, Mickey Jin@@patch1t(Fudan University), Kirin@@Pwnrin(Fudan University), Zhongcheng Li(IES Red Team of ByteDance), Kirin@@Pwnrin(Computer Science), Cristian Dinca(Computer Science), Romania, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Michael Reeves@@IntegralPilot, Rosyna Keller(Totally Not Malicious Software), Guilherme Rambo(Best Buddy Apps), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), @@zlluny(Trend Micro Zero Day Initiative), 이동하 (Lee Dong Ha)(SSA Lab), Shantanu Thakur, Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Ye Zhang@@VAR10CK(Baidu Security), Gergely Kalman@@gergely_kalman, Kirin@@Pwnrin, KPC(Cisco Talos), @@RenwaX23, CVE-2025-6965, JZ, Luke Roberts@@rookuu, Ferdous Saljooki@@malwarezoo(Jamf), Pyrophoria(GrapheneOS), an anonymous researcher(GrapheneOS), James J Kalafus, Michel Migdal, ken super, Jaydev Ahire, Big Bear, Ignacio Sanmillan@@ulexec, Mike Cardwell(grepular), Bob Lord, Pawel Wylecial(REDTEAM), Mickey Jin@@patch1t(Cisco Talos), Kirin@@Pwnrin(Cisco Talos), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos)
Affected Software
5 affected componentsFixes available
Apple macOS Tahoe<26
26
Apple macOS Sonoma<14.8
14.8
Apple macOS Sequoia<15.7
15.7
Apple macOS>=14.0<14.8
Apple macOS>=15.0<15.7
Event History
Sep 15, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·10:35 PM
Data Sourced
via MITRE·10:35 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43285?
The severity of CVE-2025-43285 is categorized as high due to its ability to potentially allow unauthorized access to protected user data.
2
How do I fix CVE-2025-43285?
To fix CVE-2025-43285, upgrade to macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26.
3
What systems are affected by CVE-2025-43285?
CVE-2025-43285 affects Apple macOS versions prior to 15.7 for Sequoia, 14.8 for Sonoma, and 26 for Tahoe.
4
What type of vulnerability is CVE-2025-43285?
CVE-2025-43285 is a permissions issue that allows unauthorized access to protected user data.
5
Is there a patch for CVE-2025-43285?
Yes, a patch for CVE-2025-43285 is included in the latest updates for macOS Sequoia, Sonoma, and Tahoe.