Cyber Resilience

CVE-2025-43189

Critical

Published: 30 July 2025

Published
30 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0054 68.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43189 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 32.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-43189 is a memory handling vulnerability in macOS that enables a malicious app to read kernel memory. The issue, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), affects macOS Sequoia versions prior to 15.6 and macOS Sonoma versions prior to 14.7.7. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

An attacker can exploit this vulnerability by delivering and executing a malicious app on the target system. The vector requires no privileges or user interaction beyond app execution, with potential network accessibility. Exploitation allows reading of kernel memory, leading to unauthorized exposure of sensitive data and broader system compromise.

Apple addressed the vulnerability with improved memory handling in macOS Sequoia 15.6 and macOS Sonoma 14.7.7. Mitigation involves updating to these patched versions, as detailed in Apple's security content updates at https://support.apple.com/en-us/124149 and https://support.apple.com/en-us/124150, along with disclosures on the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33.

EU & UK References

Vulnerability details

This issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to read kernel memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1003 OS Credential Dumping Credential Access
Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password.
Why these techniques?

Kernel memory read from malicious app directly enables credential access/dumping and facilitates privilege escalation via sensitive kernel data exposure.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24232Same product: Apple Macos
CVE-2025-24263Same product: Apple Macos
CVE-2025-24109Same product: Apple Macos
CVE-2025-24174Same product: Apple Macos
CVE-2025-30424Same product: Apple Macos
CVE-2025-24253Same product: Apple Macos
CVE-2025-24246Same product: Apple Macos
CVE-2025-24204Same product: Apple Macos
CVE-2025-24250Same product: Apple Macos
CVE-2025-24146Same product: Apple Macos

Affected Assets

apple
macos
≤ 14.7.7 · 15.0 — 15.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-16 directly enforces memory protection mechanisms to prevent malicious apps from unauthorized access to kernel memory.

prevent

SI-2 ensures timely identification, reporting, and correction of memory handling flaws like CVE-2025-43189 through patching.

prevent

CM-11 restricts user-installed software to prevent execution of malicious apps that exploit the kernel memory vulnerability.

References