CVE-2025-43312: Buffer Overflow
Published Sep 15, 2025
·Updated
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause unexpected system termination.
Credit
ABC Research s.r.o., Mickey Jin@@patch1t, Csaba Fitzl@@theevilbit(Kandji), Nolan Astrein(Kandji), Zhongquan Li@@Guluisacat, Bilal Siddiqui, @@zlluny(Trend Zero Day Initiative), an anonymous researcher, Wang Yu(Cyberserval), Keisuke Hosoda, Viktor Oreshkin, Nathaniel Oh@@calysteon, Hikerell (Loadshine Lab), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Dawuge(Shuffle Team), LFY@@secsys(Fudan University), CVE-2025-40909, CVE-2024-27280, Ye Zhang(Baidu Security), pattern-f@@pattern_F_, @@zlluny, 정답이 아닌 해답, Noah Gregory (wts.dev), Justin Elliot Fu, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Google's Threat Analysis Group, Seo Hyun-gyu@@wh1te4ever, Minghao Lin@@Y1nKoc, 风 (binaryfmyy), BochengXiang@@Crispr, YingQi Shi@@Mas0nShi, Dora Orak, Mickey Jin@@patch1t(Fudan University), Kirin@@Pwnrin(Fudan University), Zhongcheng Li(IES Red Team of ByteDance), Kirin@@Pwnrin(Computer Science), Cristian Dinca(Computer Science), Romania, Kirin@@Pwnrin, Mickey Jin@@patch1t(Cisco Talos), Kirin@@Pwnrin(Cisco Talos), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Michael Reeves@@IntegralPilot, Rosyna Keller(Totally Not Malicious Software), Guilherme Rambo(Best Buddy Apps), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), @@zlluny(Trend Micro Zero Day Initiative), 이동하 (Lee Dong Ha)(SSA Lab), Shantanu Thakur, Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Ye Zhang@@VAR10CK(Baidu Security), Gergely Kalman@@gergely_kalman, KPC(Cisco Talos), @@RenwaX23, CVE-2025-6965, JZ, Luke Roberts@@rookuu, Ferdous Saljooki@@malwarezoo(Jamf), Pyrophoria(GrapheneOS), an anonymous researcher(GrapheneOS), James J Kalafus, Michel Migdal, ken super, Jaydev Ahire, Big Bear, Ignacio Sanmillan@@ulexec, Mike Cardwell(grepular), Bob Lord, Pawel Wylecial(REDTEAM)
Affected Software
5 affected componentsFixes available
Apple macOS Tahoe<26
26
Apple macOS Sonoma<14.8
14.8
Apple macOS Sequoia<15.7
15.7
Apple macOS>=14.0<14.8
Apple macOS>=15.0<15.7
Event History
Sep 15, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·10:35 PM
Data Sourced
via MITRE·10:35 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43312?
CVE-2025-43312 is categorized as a high severity vulnerability due to potential buffer overflow exploits that could lead to unexpected system termination.
2
How do I fix CVE-2025-43312?
To fix CVE-2025-43312, upgrade to macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26.
3
What systems are affected by CVE-2025-43312?
CVE-2025-43312 affects macOS versions earlier than 15.7, 14.8, and 26.
4
What type of exploit is CVE-2025-43312?
CVE-2025-43312 is an exploit that manifests as a buffer overflow vulnerability.
5
Who is responsible for addressing CVE-2025-43312?
Apple is responsible for addressing CVE-2025-43312 through their software updates.