CVE-2025-43275
Published: 30 July 2025
Summary
CVE-2025-43275 is a critical-severity Race Condition (CWE-362) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 31.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SC-39 (Process Isolation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SC-39 (Process Isolation): Mandates separate execution domains for processes, directly preventing sandbox escape vulnerabilities like this race condition in macOS.
AC-25 (Reference Monitor): Requires a reference monitor mechanism to enforce access control policies comprehensively, which the macOS sandbox implements to block unauthorized breakouts.
Directly mandates timely remediation of flaws, such as patching the race condition vulnerability in macOS sandboxing prior to exploitation.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Sandbox escape via race condition directly enables privilege escalation by bypassing OS isolation controls.
NVD Description
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
Deeper analysis [AI]
CVE-2025-43275 is a race condition vulnerability, classified under CWE-362, that was addressed through additional validation measures. It affects the macOS sandboxing mechanism in macOS Sequoia prior to version 15.6, macOS Sonoma prior to 14.7.7, and macOS Ventura prior to 13.7.7. The issue enables an app to break out of its sandbox, potentially bypassing designed isolation controls.
With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability is exploitable over a network with low complexity, requiring no privileges or user interaction. A remote attacker can leverage a malicious app to trigger the race condition, achieving high-impact confidentiality, integrity, and availability violations by escaping sandbox restrictions and accessing unauthorized system resources.
Apple security advisories confirm the issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 via additional validation. Practitioners should prioritize updating affected systems, with details available in Apple's support documents at https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151, along with Full Disclosure mailing list entries.
Details
- CWE(s)