Cyber Posture

CVE-2025-43198

Severity: Critical
Published: 30 July 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: fixed in macOS Sequoia 15.6 and macOS Sonoma 14.7.7
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-43198 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability is ranked at the 29.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: AC-3 enforces approved authorizations for logical access to protected user data, directly preventing apps from bypassing flawed access controls as in this CVE.

prevent: AC-6 applies least privilege to restrict app access to only the resources it needs, mitigating unauthorized access to sensitive user data.

prevent: SI-2 ensures timely flaw remediation through patching; for this macOS access control vulnerability the fix was delivered by removing the vulnerable code.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

The improper access control flaw directly enables unauthorized access to protected local user data (T1005) through exploitation for privilege escalation (T1068), with no authentication or user interaction required.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to access protected user data.

Deeper analysis

CVE-2025-43198 is a critical improper access control vulnerability (CWE-284) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), affecting macOS systems. It enables an app to access protected user data by exploiting flawed access controls. The vulnerability was addressed in macOS Sequoia 15.6 and macOS Sonoma 14.7.7 through the removal of the vulnerable code.

Per the CVSS vector, exploitation requires no privileges or user interaction and is network-reachable with low attack complexity. A malicious app can leverage the flaw to bypass protections and gain high-impact access to sensitive user data, compromising confidentiality, integrity, and availability.

Apple's security advisories detail the fix via code removal in the specified macOS updates, recommending immediate patching to macOS Sequoia 15.6 or Sonoma 14.7.7. Additional details are available in the referenced support pages (https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150) and Full Disclosure mailing list posts (http://seclists.org/fulldisclosure/2025/Jul/32, http://seclists.org/fulldisclosure/2025/Jul/33).

Details

CWE(s): CWE-284 Improper Access Control

Affected Products

Apple macOS: ≤ 14.7.7 · 15.0 to 15.6

CVEs Like This One

CVE-2025-24229 (same product: Apple macOS)
CVE-2026-28837 (same product: Apple macOS)
CVE-2025-30460 (same product: Apple macOS)
CVE-2025-30462 (same product: Apple macOS)
CVE-2025-24241 (same product: Apple macOS)
CVE-2026-20622 (same product: Apple macOS)
CVE-2025-43192 (same product: Apple macOS)
CVE-2025-43194 (same product: Apple macOS)
CVE-2025-43184 (same product: Apple macOS)
CVE-2025-43232 (same product: Apple macOS)