
CVE-2025-43245

Critical

Published: 30 July 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: available (fixed in macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7)
CVSS Score v3.1: 9.8 · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.0052 (67.2nd percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43245 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Code Signing (T1553.002); ranked in the top 32.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-14 (Signed Components).

Deeper analysis

CVE-2025-43245 is a downgrade issue addressed with additional code-signing restrictions in macOS. It affects macOS Sequoia prior to version 15.6, macOS Sonoma prior to 14.7.7, and macOS Ventura prior to 13.7.7. The vulnerability enables an app to access protected user data and is associated with CWE-290. Published on 2025-07-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Taken at face value, the CVSS vector describes a network-reachable issue with low attack complexity, no privileges, no user interaction and no scope change, with high impact on confidentiality, integrity and availability. Apple's own description is narrower: a malicious app already running on the machine uses the code-signing downgrade to reach protected user data, so the attacker first needs a foothold on the host (an app that has been installed or executed) before this issue comes into play. Treat the 9.8 as a scoring ceiling rather than a statement that the flaw is remotely exploitable on its own, and prioritise hosts where untrusted software can be run.

Apple's security advisories confirm the issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Mitigation involves updating to these patched versions. Further details are provided in the referenced advisories, including https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151, http://seclists.org/fulldisclosure/2025/Jul/32, and http://seclists.org/fulldisclosure/2025/Jul/33.


Vulnerability details

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

CWE(s)

CWE-290 Authentication Bypass by Spoofing

Related Threats

MITRE ATT&CK Enterprise Techniques

T1553.002 Subvert Trust Controls: Code Signing (Defense Evasion)
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.
Why these techniques?

The flaw lets an app step around code-signing restrictions through a downgrade (CWE-290), so the closest technique is the one covering subversion of code-signing trust controls, with the end result that a malicious app reaches protected user data. Note the fit is approximate: the technique text describes adversaries obtaining signing materials, whereas here the signature check itself is weakened.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24232 · Same product: Apple macOS
CVE-2024-54509 · Same product: Apple macOS
CVE-2025-24176 · Same product: Apple macOS
CVE-2025-31194 · Same product: Apple macOS
CVE-2025-24103 · Same product: Apple macOS
CVE-2025-24265 · Same product: Apple macOS
CVE-2025-24135 · Same product: Apple macOS
CVE-2024-44286 · Same product: Apple macOS
CVE-2025-24263 · Same product: Apple macOS
CVE-2025-24266 · Same product: Apple macOS

Affected Assets

Apple macOS
Ventura: < 13.7.7 · Sonoma: 14.0 to < 14.7.7 · Sequoia: 15.0 to < 15.6 (the fixed releases themselves are not affected)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

CM-14 Signed Components · prevent

Requires digital signatures for system components, directly countering the code-signing downgrade that allows malicious apps to access protected user data.

SI-2 Flaw Remediation · prevent

Mandates timely flaw remediation through patching to the fixed macOS versions (15.6, 14.7.7, 13.7.7), eliminating the downgrade issue.

CM-10 Software Usage Restrictions · prevent

Restricts installation and execution to approved software only, reducing the chance that a malicious app leveraging the code-signing downgrade runs at all.
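The two practical actions on this page are to confirm a host is on a fixed release (the patching step in the analysis above and SI-2 here) and to keep unsigned or unapproved software from running (CM-14 and CM-10). The script below is an added example, not Apple's code and not part of the tracker page. It classifies a macOS product version against the fixed releases Apple lists (15.6, 14.7.7, 13.7.7), comparing numerically per component so that 15.10 is correctly treated as newer than 15.6, and it wraps Apple's `codesign` and `spctl` tools for a per-bundle signature and Gatekeeper check. The version strings fed to it are constructed inputs; the `classify`, `version_ge`, `pad3` and `check_bundle` names are this example's own.

```shell
#!/bin/sh
# Added example, not Apple's or the tracker's code: classify a macOS product
# version against the releases that fix CVE-2025-43245 (Sequoia 15.6,
# Sonoma 14.7.7, Ventura 13.7.7, per Apple's advisories), then optionally ask
# the local code-signing tools about one app bundle. Assumes versions are
# dotted decimals as printed by `sw_vers -productVersion`.

# pad3 "15.6" -> "15 6 0": split on dots and zero-fill to three components so
# that comparisons are numeric per component, not lexical ("15.10" > "15.6").
pad3() {
    _v=$1
    _oldifs=$IFS
    IFS=.
    set -- $_v
    IFS=$_oldifs
    printf '%d %d %d' "${1:-0}" "${2:-0}" "${3:-0}"
}

# version_ge A B: exit 0 when A >= B component-wise.
version_ge() {
    set -- $(pad3 "$1") $(pad3 "$2")
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# classify VERSION: prints "fixed", "affected", or "unknown" (a major line the
# three advisories do not cover, e.g. macOS 12, which gets no fix here).
classify() {
    case "$1" in
        15|15.*) _fix=15.6 ;;
        14|14.*) _fix=14.7.7 ;;
        13|13.*) _fix=13.7.7 ;;
        *) echo unknown; return 0 ;;
    esac
    if version_ge "$1" "$_fix"; then echo fixed; else echo affected; fi
}

# check_bundle /Applications/Foo.app: CM-14/CM-10 style check on one bundle.
# codesign validates the signature; spctl asks Gatekeeper whether it would
# allow the bundle to execute. Only meaningful on macOS; elsewhere returns 2.
check_bundle() {
    command -v codesign >/dev/null 2>&1 || { echo "codesign not available here"; return 2; }
    codesign --verify --strict --verbose=2 "$1" && spctl --assess --type execute "$1"
}

# Run on a Mac with no arguments to check the live system; elsewhere pass a
# version string (constructed input) as the first argument.
_target=${1:-}
if [ -z "$_target" ] && [ "$(uname -s)" = Darwin ]; then
    _target=$(sw_vers -productVersion)
fi
if [ -n "$_target" ]; then
    echo "macOS $_target: $(classify "$_target")"
fi
```

An "unknown" result is a finding in its own right: a major line that none of the three advisories covers (for example macOS 12) receives no fix for this issue and should be treated as out of support rather than as patched. `check_bundle` is a spot check, not a policy; the controls it stands in for are Gatekeeper and an allow-list enforced fleet-wide.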

References

https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124150
https://support.apple.com/en-us/124151
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/33