Cyber Posture

CVE-2025-43194

Critical

Published: 30 July 2025

Published
30 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 32.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43194 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Linux and Mac Permissions (T1222.002); ranked at the 32.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Linux and Mac Permissions (T1222.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to system resources, directly preventing apps from modifying protected macOS file system parts due to improper checks.

AC-25 Reference Monitor good match
prevent

Implements a tamper-proof reference monitor to mediate all access decisions, addressing the core failure in macOS checks that allowed unauthorized file system modifications.

SI-2 Flaw Remediation good match
prevent

Requires timely flaw remediation through patches like macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7 that fix the improper access control vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1222.002 Linux and Mac Permissions Defense Impairment
Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.
attack.mitre.org →
Why these techniques?

Vulnerability directly permits unauthorized modification of protected macOS file system regions, aligning with file/directory permission abuse on Unix-like systems.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system.

Deeper analysisAI

CVE-2025-43194 is an improper access control vulnerability (CWE-284) in macOS that enables an app to modify protected parts of the file system. The issue was addressed through improved checks and is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7, meaning earlier versions of these macOS releases are affected.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability allows remote, unauthenticated attackers to exploit it over the network with low complexity and no user interaction required. A malicious app can be used to achieve high impacts on confidentiality, integrity, and availability by altering protected file system regions.

Apple security advisories, including support documents at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151, confirm the fixes in the listed macOS updates. Additional details appear in full disclosure postings at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33, recommending users apply the patches promptly to mitigate the risk.

Details

CWE(s)
CWE-284

Affected Products

apple
macos
≤ 13.7.7 · 14.0 — 14.7.7 · 15.0 — 15.6

CVEs Like This One

CVE-2025-24241Same product: Apple Macos
CVE-2025-24229Same product: Apple Macos
CVE-2026-20622Same product: Apple Macos
CVE-2025-30462Same product: Apple Macos
CVE-2025-43192Same product: Apple Macos
CVE-2025-43184Same product: Apple Macos
CVE-2026-28837Same product: Apple Macos
CVE-2025-43232Same product: Apple Macos
CVE-2025-30460Same product: Apple Macos
CVE-2024-40858Same product: Apple Macos

References