CVE-2025-46290
Published: 11 February 2026
Summary
CVE-2025-46290 is a high-severity Protection Mechanism Failure (CWE-693) vulnerability in Apple Macos. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Ongoing control assessments and analysis of monitoring data enable timely detection and response when protection mechanisms fail.
Testing verifies the system's ability to detect, handle, and recover from exceptional conditions as part of the plan, reducing exploitability of improper exception handling.
Assessments of security controls directly validate whether protection mechanisms function as intended, exposing failures for correction.
Mandates review that the selected process, standards, and tools can satisfy security requirements, reducing failure of protection mechanisms in the delivered system.
Mandates selection and application of resiliency techniques and implementation approaches that strengthen protection mechanisms against failure or bypass.
Explicit verification and alerting detect when protection mechanisms are not functioning, limiting undetected bypasses.
Implements a reliable, tamperproof protection mechanism whose completeness can be assured.
Procedures for training on protection mechanisms reduce the chance of protection mechanism failures being present or exploitable.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables remote network exploitation of an Apple OS flaw (protection mechanism failure) to crash/deny availability on the endpoint device, directly matching application/system exploitation for DoS.
NVD Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may…
more
be able to cause a denial-of-service.
Deeper analysisAI
CVE-2025-46290 is a logic issue addressed through improved checks in multiple Apple operating systems and platforms. The vulnerability affects iOS and iPadOS prior to versions 18.7.3 and 26.2, macOS Sequoia prior to 15.7.4, macOS Sonoma prior to 14.8.4, macOS Tahoe prior to 26.2, visionOS prior to 26.2, and watchOS prior to 26.2. It is associated with CWE-693 (Protection Mechanism Failure) and CWE-703 (Improper Check or Handling of Exceptional Conditions), earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
A remote attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Successful exploitation leads to a denial-of-service condition, disrupting service availability on the targeted device without compromising confidentiality or integrity.
Apple security advisories detail mitigations through patches in the specified versions, as outlined in support documents such as https://support.apple.com/en-us/125884, https://support.apple.com/en-us/125885, https://support.apple.com/en-us/125886, https://support.apple.com/en-us/125890, and https://support.apple.com/en-us/125891. Security practitioners should prioritize updating affected devices to these versions to prevent exploitation.
Details
- CWE(s)