Cyber Posture

CVE-2025-43232

Critical

Published: 30 July 2025

Published
30 July 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0011 29.4th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43232 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique TCC Manipulation (T1548.006); ranked at the 29.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-16 (Security and Privacy Attributes) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to TCC Manipulation (T1548.006). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to system resources, directly mitigating the improper access control that allowed apps to bypass macOS Privacy preferences.

AC-6 Least Privilege good match
prevent

Implements least privilege to restrict app access to only necessary resources, preventing escalation beyond intended Privacy preference boundaries.

AC-16 Security and Privacy Attributes good match
prevent

Manages security and privacy attributes to enforce policies on privacy-sensitive resources, countering the bypass of macOS Privacy preferences.

MITRE ATT&CK Enterprise TechniquesAI

T1548.006 TCC Manipulation Privilege Escalation
Adversaries can manipulate or abuse the Transparency, Consent, & Control (TCC) service or database to grant malicious executables elevated permissions.
attack.mitre.org →
Why these techniques?

Direct mapping to TCC Manipulation via macOS Privacy preferences bypass (CWE-284 improper access control).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to bypass certain Privacy preferences.

Deeper analysisAI

CVE-2025-43232 is a permissions issue, classified under CWE-284 (Improper Access Control), affecting Apple's macOS operating system. The vulnerability enables an app to bypass certain Privacy preferences. It impacts macOS versions prior to Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7, with the issue published on 2025-07-30.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical. Attackers require no privileges or user interaction and can exploit it over the network with low complexity. A malicious app can be used to bypass Privacy preferences, potentially achieving high impacts on confidentiality, integrity, and availability.

Apple addressed the issue with additional restrictions on permissions, as detailed in security updates. The fixes are included in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Mitigation involves updating to these patched versions, with further details in advisories at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151, http://seclists.org/fulldisclosure/2025/Jul/32, and http://seclists.org/fulldisclosure/2025/Jul/33.

Details

CWE(s)
CWE-284

Affected Products

apple
macos
≤ 13.7.7 · 14.0 — 14.7.7 · 15.0 — 15.6

CVEs Like This One

CVE-2025-43184Same product: Apple Macos
CVE-2025-30460Same product: Apple Macos
CVE-2025-24241Same product: Apple Macos
CVE-2025-24229Same product: Apple Macos
CVE-2026-20622Same product: Apple Macos
CVE-2025-30462Same product: Apple Macos
CVE-2025-43192Same product: Apple Macos
CVE-2025-43194Same product: Apple Macos
CVE-2026-28837Same product: Apple Macos
CVE-2025-31188Same product: Apple Macos

References