CVE-2025-43243
Published: 30 July 2025
Summary
CVE-2025-43243 is a critical-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 29.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations preventing apps from accessing and modifying protected filesystem areas exploited by this permissions vulnerability.
Applies least privilege to apps, restricting unnecessary access to protected filesystem paths addressed by the CVE.
Provides timely flaw remediation through patching macOS to the fixed versions that resolve the permissions issue.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Permissions flaw (CWE-732) directly enables unauthorized modification of protected macOS file system areas, mapping to privilege escalation via exploitation and abuse of file/directory permissions on Mac.
NVD Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to modify protected parts of the file system.
Deeper analysis
CVE-2025-43243 is a permissions issue, classified under CWE-732 (Incorrect Permission Assignment for Critical Resource), affecting macOS systems prior to the patched versions. Published on 2025-07-30, the vulnerability allows an app to modify protected parts of the file system due to insufficient restrictions. It has a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). The issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7.
The attack scenario enables remote attackers to exploit the vulnerability without authentication or user interaction. By leveraging the permissions flaw, an attacker can cause an app—potentially delivered remotely—to access and alter protected file system areas, leading to arbitrary read/write capabilities on sensitive data and system resources. This could result in data theft, tampering, or disruption of critical macOS components.
Apple's security advisories detail the mitigation as applying additional restrictions to permissions handling. Security practitioners should prioritize updating affected systems to macOS Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7, as outlined in support documents such as https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151. Full disclosure notes are available at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33.
Details
- CWE(s)