CVE-2025-43244
Published: 30 July 2025
Summary
CVE-2025-43244 is a critical-severity Race Condition (CWE-362) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 31.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-11 (User-installed Software).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 directly and comprehensively addresses the CVE by requiring timely remediation of the race condition flaw through application of the vendor patches released for macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7.
CM-11 mitigates exploitation by restricting user-installed software, preventing malicious apps from triggering the race condition to cause unexpected system termination.
RA-5 detects the presence of the unpatched race condition vulnerability in macOS systems through periodic vulnerability scanning.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Race condition enables application/system exploitation leading to termination (DoS).
NVD Description
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
Deeper analysisAI
CVE-2025-43244 is a race condition vulnerability (CWE-362) addressed through improved state handling in macOS. It affects macOS Sequoia versions prior to 15.6, macOS Sonoma prior to 14.7.7, and macOS Ventura prior to 13.7.7. The issue enables an app to cause unexpected system termination and carries a CVSS v3.1 base score of 9.8 (Critical), reflecting network accessibility, low complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability.
A remote, unauthenticated attacker (AV:N/AC:L/PR:N/UI:N) can exploit this race condition by leveraging a malicious app, leading to high confidentiality (C:H), integrity (I:H), and availability (A:H) impacts with unchanged scope (S:U). The primary effect is unexpected system termination, potentially enabling broader disruption.
Apple advisories confirm the vulnerability was fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 via improved state handling. Mitigation involves applying these updates, with further details in security content releases at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151, and Full Disclosure mailing list entries at http://seclists.org/fulldisclosure/2025/Jul/32 and http://seclists.org/fulldisclosure/2025/Jul/33.
Details
- CWE(s)