Cyber Resilience

CVE-2025-43192

Critical · Updated

Published: 30 July 2025

Modified: 17 June 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0060 (44.3rd percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-43192 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). The CVE is ranked at the 44.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-43192 is a configuration issue addressed with additional restrictions in macOS. It affects macOS Sequoia prior to version 15.6 and macOS Sonoma prior to version 14.7.7, specifically relating to account-driven User Enrollment that may still be possible even with Lockdown Mode turned on. The vulnerability is classified under CWE-284 (Improper Access Control) and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with high impacts on confidentiality, integrity, and availability.

Remote attackers can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation enables high-level compromise of confidentiality, integrity, and availability, potentially allowing unauthorized account-driven User Enrollment despite Lockdown Mode protections.

Apple advisories confirm the issue is fixed in macOS Sequoia 15.6 and macOS Sonoma 14.7.7 through additional restrictions. Further details are available in the Apple support pages at https://support.apple.com/en-us/124149 and https://support.apple.com/en-us/124150, and in the Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33.


Vulnerability details

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. Account-driven User Enrollment may still be possible with Lockdown Mode turned on.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Bypasses Lockdown Mode (a defensive restriction) to enable unauthorized account-driven User Enrollment, directly facilitating impairment of security controls.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-43232 · Same product: Apple macOS
CVE-2024-44219 · Same product: Apple macOS
CVE-2025-43233 · Same product: Apple macOS
CVE-2025-43524 · Same product: Apple macOS
CVE-2026-20622 · Same product: Apple macOS
CVE-2025-30460 · Same product: Apple macOS
CVE-2025-30462 · Same product: Apple macOS
CVE-2025-24241 · Same product: Apple macOS
CVE-2025-43184 · Same product: Apple macOS
CVE-2024-40858 · Same product: Apple macOS

Affected Assets

apple
macos
≤ 14.7.7 · 15.0 — 15.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the configuration flaw by requiring timely patching to macOS Sequoia 15.6 or Sonoma 14.7.7, which implement the additional restrictions preventing account-driven User Enrollment in Lockdown Mode.

prevent

Enforces secure configuration settings for macOS, including Lockdown Mode and additional restrictions, to block unauthorized account-driven User Enrollment.

prevent

Establishes access controls and usage restrictions for mobile devices like macOS systems to authorize and prevent unauthorized User Enrollment.
