CVE-2025-43192
Published: 30 July 2025
Summary
CVE-2025-43192 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Exploitation maps to the MITRE ATT&CK technique Disable or Modify Tools (T1562.001). The CVE ranks at the 29.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations identified by this analysis are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the configuration flaw by requiring timely patching to macOS Sequoia 15.6 or macOS Sonoma 14.7.7, which implement the additional restrictions that prevent account-driven User Enrollment while Lockdown Mode is on.
- CM-6 (Configuration Settings): Enforces secure configuration settings for macOS, including Lockdown Mode and the additional restrictions, to block unauthorized account-driven User Enrollment.
- Establishes access controls and usage restrictions for mobile devices, including macOS systems, so that User Enrollment is authorized and unauthorized enrollment is prevented.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
- Disable or Modify Tools (T1562.001): Bypasses Lockdown Mode (a defensive restriction) to enable unauthorized account-driven User Enrollment, which directly impairs a security control.
NVD Description
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollment may still be possible with Lockdown Mode turned on.
Deeper analysis
CVE-2025-43192 is a configuration issue in macOS that Apple addressed with additional restrictions. It affects macOS Sequoia prior to version 15.6 and macOS Sonoma prior to version 14.7.7, and concerns account-driven User Enrollment remaining possible even with Lockdown Mode turned on. The vulnerability is classified under CWE-284 (Improper Access Control) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impact on confidentiality, integrity, and availability.
According to that CVSS vector, the issue is exploitable over the network with low complexity, requiring no privileges or user interaction, and successful exploitation has high impact on confidentiality, integrity, and availability; in the published description, the concrete outcome is unauthorized account-driven User Enrollment despite Lockdown Mode protections.
Apple's advisories confirm the issue is fixed in macOS Sequoia 15.6 and macOS Sonoma 14.7.7 through additional restrictions. Further details are available in the Apple support pages at https://support.apple.com/en-us/124149 and https://support.apple.com/en-us/124150, and in the Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33.
Details
- CWE(s): CWE-284 (Improper Access Control)