Cyber Posture

CVE-2025-43245

Critical

Published: 30 July 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0013 · 32.2nd percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43245 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Code Signing (T1553.002). The CVE ranks at the 32.2nd percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-14 (Signed Components).

Threat & Defense at a Glance

What attackers do: exploitation maps to Code Signing (T1553.002).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires digital signatures for system components, directly countering the code-signing downgrade vulnerability that allows malicious apps to access protected user data.

prevent

Mandates timely flaw remediation through patching to the fixed macOS versions (15.6, 14.7.7, 13.7.7), eliminating the specific downgrade issue.

prevent

Restricts installation and execution to only approved software, preventing exploitation by malicious apps leveraging the code-signing downgrade.

MITRE ATT&CK Enterprise Techniques (AI)

T1553.002 Code Signing Defense Impairment
Adversaries may create, acquire, or steal code signing materials to sign their malware or tools.
Why these techniques?

Direct code-signing verification bypass via downgrade flaw (CWE-290), enabling malicious apps to subvert trust controls and access protected data.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

Deeper analysis (AI)

CVE-2025-43245 is a downgrade issue addressed with additional code-signing restrictions in macOS. It affects macOS Sequoia prior to version 15.6, macOS Sonoma prior to 14.7.7, and macOS Ventura prior to 13.7.7. The vulnerability enables an app to access protected user data and is associated with CWE-290. Published on 2025-07-30, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely over the network with low attack complexity, requiring no privileges, no user interaction, and no change in scope. A successful attacker can achieve high impacts on confidentiality, integrity, and availability, potentially allowing unauthorized access to protected user data via a malicious app.

Apple's security advisories confirm the issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Mitigation involves updating to these patched versions. Further details are provided in the referenced advisories, including https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151, http://seclists.org/fulldisclosure/2025/Jul/32, and http://seclists.org/fulldisclosure/2025/Jul/33.

Details

CWE(s)

Affected Products

apple
macos
≤ 13.7.7 · 14.0 — 14.7.7 · 15.0 — 15.6

CVEs Like This One

CVE-2025-30452 · Same product: Apple macOS
CVE-2025-43219 · Same product: Apple macOS
CVE-2025-43189 · Same product: Apple macOS
CVE-2025-24267 · Same product: Apple macOS
CVE-2025-24245 · Same product: Apple macOS
CVE-2026-28817 · Same product: Apple macOS
CVE-2025-24109 · Same product: Apple macOS
CVE-2025-24277 · Same product: Apple macOS
CVE-2025-24241 · Same product: Apple macOS
CVE-2025-24259 · Same product: Apple macOS

References