Cyber Posture

CVE-2025-43233

Critical

Published: 30 July 2025

Modified: 03 November 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0013 (32.2nd percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-43233 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The vulnerability is ranked at the 32.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557) and one other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- Prevent: directly enforces improved access restrictions to prevent malicious apps acting as HTTPS proxies from accessing sensitive user data.
- Prevent: remediates the specific improper access control flaw by applying patches to affected macOS versions such as Sequoia 15.6.
- Prevent: restricts user-installed software to block execution of malicious apps that impersonate HTTPS proxies for unauthorized data access.

MITRE ATT&CK Enterprise Techniques

- T1557 Adversary-in-the-Middle (Credential Access): Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
- T1036.005 Match Legitimate Resource Name or Location (Stealth): Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them.
Why these techniques?

The vulnerability lets a malicious app impersonate an HTTPS proxy (masquerading combined with adversary-in-the-middle) to gain unauthorized access to sensitive user data.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app acting as a HTTPS proxy could get access to sensitive user data.

Deeper analysis

CVE-2025-43233 is an improper access control vulnerability (CWE-284) in macOS that allows a malicious app acting as an HTTPS proxy to access sensitive user data. The issue affects macOS versions prior to Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, lack of required privileges or user interaction, and high impact on confidentiality, integrity, and availability.

An attacker can exploit this vulnerability by deploying a malicious app that impersonates an HTTPS proxy, enabling unauthorized access to sensitive user data without needing special privileges or any user interaction beyond initial app execution. The network vector (AV:N) suggests remote exploitation potential, such as through a crafted app distributed via malicious downloads or network-based delivery, allowing the attacker to intercept and exfiltrate data.

Apple's security advisories address the vulnerability through improved access restrictions, with fixes available in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Security practitioners should prioritize patching affected systems and advise users to update immediately, while scrutinizing app installations for proxy-like behaviors. Relevant details are available in Apple support documents at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151, along with full disclosure postings on seclists.org.
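As an added defender-side check (not code from Apple, NVD or this page's tooling), the POSIX shell function below compares a macOS ProductVersion string against the three fixed versions named above, so a fleet inventory can flag hosts that still need the update; the helper `report_host` and its use of `sw_vers -productVersion` are my own additions.

```shell
#!/bin/sh
# Added example: compare a macOS ProductVersion string against the versions in
# which Apple fixed CVE-2025-43233 (Ventura 13.7.7, Sonoma 14.7.7, Sequoia 15.6).
# Exit status: 0 = still affected (patch needed), 1 = at or above the fixed
# version, 2 = major version not covered by the advisory.
cve_2025_43233_affected() {
  ver="$1"
  case "${ver%%.*}" in
    13) fixed="13.7.7" ;;
    14) fixed="14.7.7" ;;
    15) fixed="15.6" ;;
    *)  return 2 ;;
  esac
  # Numeric comparison field by field; a missing field (15.6 vs 15.6.0) counts as 0.
  # Trailing dots guarantee cut always sees a delimiter, so short strings split cleanly.
  i=1
  while [ "$i" -le 3 ]; do
    a=$(printf '%s..' "$ver"   | cut -d. -f"$i"); a=${a:-0}
    b=$(printf '%s..' "$fixed" | cut -d. -f"$i"); b=${b:-0}
    [ "$a" -lt "$b" ] && return 0
    [ "$a" -gt "$b" ] && return 1
    i=$((i + 1))
  done
  return 1
}

# Hypothetical helper: on a Mac, read the running version from sw_vers and
# report it; on any other OS this is a no-op so the script is safe to run anywhere.
report_host() {
  [ "$(uname)" = "Darwin" ] || return 0
  v=$(sw_vers -productVersion)
  rc=0
  cve_2025_43233_affected "$v" || rc=$?
  case "$rc" in
    0) echo "macOS $v: AFFECTED by CVE-2025-43233, update required" ;;
    1) echo "macOS $v: fixed version present" ;;
    *) echo "macOS $v: not in the advisory's 13.x/14.x/15.x lines; check Apple's release notes" ;;
  esac
}
```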

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products

Apple macOS: ≤ 13.7.7 · 14.0 to 14.7.7 · 15.0 to 15.6

CVEs Like This One

- CVE-2025-24241 (same product: Apple macOS)
- CVE-2025-24229 (same product: Apple macOS)
- CVE-2026-20622 (same product: Apple macOS)
- CVE-2025-30462 (same product: Apple macOS)
- CVE-2025-43192 (same product: Apple macOS)
- CVE-2025-43194 (same product: Apple macOS)
- CVE-2025-43184 (same product: Apple macOS)
- CVE-2026-28837 (same product: Apple macOS)
- CVE-2025-43232 (same product: Apple macOS)
- CVE-2025-30460 (same product: Apple macOS)
