CVE-2025-43322
Published Nov 3, 2025
·Updated
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access user-sensitive data.
Credit
Ryan Dowd@@_rdowd, Mickey Jin@@patch1t, Gergely Kalman@@gergely_kalman, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), JZ, Zhongcheng Li(IES Red Team of ByteDance), Michael Reeves@@IntegralPilot, Morris Richman@@morrisinlife, Csaba Fitzl@@theevilbit(Kandji), Hikerell (Loadshine Lab), 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), an anonymous researcher, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), pattern-f@@pattern_F_, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, 이동하 (Lee Dong Ha)(SSA Lab), Cristian Dinca (icmd.tech), Apple, Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Kirin@@Pwnrin, Atul R V, Asaf Cohen, CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Nikolai Skliarenko(Trend Micro Zero Day Initiative), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Wang Yu(Cyberserval), Nolan Astrein(Kandji), Duy Trần@@khanhduytran0, Adwiteeya Agrawal, Romain Lebesle(Khatima), Himanshu Bharti@@Xpl0itme(Khatima), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), BynarIO AI (bynar.io), Kirin@@Pwnrin(Microsoft), Ron Masas(BreakPoint), Pinak Oza, Wojciech Regula(SecuRing), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Kenneth Chew, @@EthanArbuckle, iisBuri, Google Threat Analysis Group, Doug Hogan, KPC(Cisco Talos), @@RenwaX23, Zhongquan Li@@Guluisacat, Stanislav Jelezoglo, an anonymous researcher(Microsoft), Amy@@asentientbot, CVE-2025-32462, CVE-2025-53906, Aleksejs Popovs, Phil Beauvoir, Google Big Sleep, Gary Kwong, rheza@@ginggilBesel, Justin Cohen(Google), Nan Wang@@eternalsakura13, rheza@@ginggilBesel(Trend Micro Zero Day Initiative), shandikri(Trend Micro Zero Day Initiative), Gary Kwong(Trend Micro Zero Day Initiative), Tom Van Goethem, @@cloudlldb
Affected Software
5 affected componentsFixes available
Apple macOS Tahoe<26.1
26.1
Apple macOS Sequoia<15.7.2
15.7.2
Apple macOS Sonoma<14.8.2
14.8.2
Apple macOS>=14.0<14.8.2
Apple macOS>=15.0<15.7.2
Event History
Nov 3, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Nov 4, 2025
CVE Published
via MITRE·01:17 AM
Data Sourced
via MITRE·01:17 AM
DescriptionWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43322?
CVE-2025-43322 has a significant severity level as it may allow apps to access user-sensitive data.
2
How do I fix CVE-2025-43322?
To fix CVE-2025-43322, update to macOS Sonoma 14.8.2 or macOS Sequoia 15.7.2.
3
What products are affected by CVE-2025-43322?
CVE-2025-43322 affects macOS Tahoe versions up to 26.1, macOS Sequoia versions up to 15.7.2, and macOS Sonoma versions up to 14.8.2.
4
What type of issue is CVE-2025-43322?
CVE-2025-43322 is a logic issue that has been addressed with improved checks in recent macOS updates.
5
Can CVE-2025-43322 lead to data breaches?
Yes, CVE-2025-43322 may potentially lead to unauthorized access to user-sensitive data if not addressed.