CVE-2025-46290
Published: 11 February 2026
Summary
CVE-2025-46290 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-46290 is a logic issue addressed through improved checks in multiple Apple operating systems and platforms. The vulnerability affects iOS and iPadOS prior to versions 18.7.3 and 26.2, macOS Sequoia prior to 15.7.4, macOS Sonoma prior to 14.8.4, macOS Tahoe prior to 26.2, visionOS prior to 26.2, and watchOS prior to 26.2. It is associated with CWE-693 (Protection Mechanism Failure) and CWE-703 (Improper Check or Handling of Exceptional Conditions), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
A remote attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation leads to a denial-of-service condition, disrupting service availability on the targeted device without compromising confidentiality or integrity.
Apple security advisories detail mitigations through patches in the specified versions, as outlined in support documents such as https://support.apple.com/en-us/125884, https://support.apple.com/en-us/125885, https://support.apple.com/en-us/125886, https://support.apple.com/en-us/125890, and https://support.apple.com/en-us/125891. Security practitioners should prioritize updating affected devices to these versions to prevent exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207251
Vulnerability details
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may…
more
be able to cause a denial-of-service.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote network exploitation of an Apple OS flaw (protection mechanism failure) to crash/deny availability on the endpoint device, directly matching application/system exploitation for DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through applying vendor patches directly prevents exploitation of this logic issue causing remote denial-of-service.
Denial-of-service protections at system entry points block or mitigate remote network attacks exploiting this vulnerability's availability impact.
Information input validation enforces improved checks on network inputs to address the logic flaw and prevent denial-of-service conditions.