Cyber Posture

CVE-2025-43184

Critical

Published: 30 July 2025

Modified: 02 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43184 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks at the 29.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

AC-3 enforces approved authorizations for access to system resources, directly preventing malicious shortcuts from bypassing sensitive Shortcuts app settings.

prevent

AC-6 applies least privilege to restrict shortcut processes to only necessary permissions, mitigating unauthorized actions enabled by the access control bypass.

prevent

IA-11 requires re-authentication for sensitive operations via user consent prompts, matching the CVE fix that added an extra prompt to block unauthorized shortcut execution.

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

T1548.006 TCC Manipulation (Privilege Escalation)
Adversaries can manipulate or abuse the Transparency, Consent, & Control (TCC) service or database to grant malicious executables elevated permissions.

Why these techniques?

Bypass of Shortcuts app consent controls enables unauthorized automation actions (Unix shell via shortcuts) and TCC manipulation on macOS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A shortcut may be able to bypass sensitive Shortcuts app settings.

Deeper analysis

CVE-2025-43184 is a critical-severity vulnerability (CVSS 3.1 score of 9.8) affecting the Shortcuts app on macOS systems, classified under CWE-284 (Improper Access Control). It allows a malicious shortcut to bypass sensitive Shortcuts app settings, enabling unauthorized access or actions that would normally be restricted. The flaw impacts macOS versions prior to Sequoia 15.4, Sonoma 14.7.7, and Ventura 13.7.7.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction (AV:N/AC:L/PR:N/UI:N). By delivering a specially crafted shortcut—potentially via email, messaging, or web download—an attacker could bypass app protections, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). This could lead to unauthorized data access, modification of system settings, or execution of harmful actions through the Shortcuts automation framework.

Apple's security advisories detail the fix, implemented by adding an additional prompt for user consent before sensitive operations. The issue is patched in macOS Sequoia 15.4, Sonoma 14.7.7, and Ventura 13.7.7; users should update immediately. Further details are available in Apple support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151, along with Full Disclosure mailing list entries at http://seclists.org/fulldisclosure/2025/Jul/33 and http://seclists.org/fulldisclosure/2025/Jul/34.

Details

CWE(s)

Affected Products

apple
macos
≤ 13.7.7 · 14.0 — 14.7.7 · 15.0 — 15.4

CVEs Like This One

CVE-2025-43232 (same product: Apple macOS)
CVE-2025-30460 (same product: Apple macOS)
CVE-2025-24241 (same product: Apple macOS)
CVE-2025-24229 (same product: Apple macOS)
CVE-2026-20622 (same product: Apple macOS)
CVE-2025-30462 (same product: Apple macOS)
CVE-2025-43192 (same product: Apple macOS)
CVE-2025-43194 (same product: Apple macOS)
CVE-2026-28837 (same product: Apple macOS)
CVE-2024-40858 (same product: Apple macOS)
