{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43274", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.101Z", "datePublished": "2025-07-29T23:28:54.839Z", "dateUpdated": "2026-04-02T18:07:57.665Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A sandboxed process may be able to circumvent sandbox restrictions"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions."}], "references": [{"url": "https://support.apple.com/en-us/124149"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:07:57.665Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-311", "lang": "en", "description": "CWE-311 Missing Encryption of Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:15:18.638304Z", "id": "CVE-2025-43274", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:15:23.971Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:03:53.023Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:03:53.023Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:15:18.638304Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-311", "description": "CWE-311 Missing Encryption of Sensitive Data"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:11:15.864Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124149"}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A sandboxed process may be able to circumvent sandbox restrictions"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-07-29T23:54:04.322Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43274", "state": "PUBLISHED", "dateUpdated": "2025-11-03T20:03:53.023Z", "dateReserved": "2025-04-16T15:24:37.101Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-07-29T23:28:54.839Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "077E4BB7-4A8B-4D18-BCD7-2938A2B8B9C8", "versionEndExcluding": "15.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de privacidad eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sequoia 15.6. Un proceso en un entorno de pruebas podr\u00eda eludir las restricciones del mismo."}], "id": "CVE-2025-43274", "lastModified": "2025-11-03T20:18:59.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-30T00:15:38.360", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/32"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:04:41.995898+00:00", "value": {"mitigation_remediation": ["Install macOS Sequoia 15.6 or later, which removes the vulnerable code and restores proper sandbox enforcement.", "Restrict sandboxed applications to the minimal set of system resources they require, reducing the potential impact of a sandbox escape.", "Audit sandboxed applications for handling sensitive data and enforce encryption or other protection mechanisms in accordance with best practices."], "summary": {"action": "Patch", "impact": "Sandbox Escalation"}, "threat_synthesis": {"affected_systems": "Apple macOS systems running versions prior to Sequoia 15.6 are potentially affected. The CVE statement fixes the issue in Sequoia 15.6, implying that earlier releases still contain the code that may allow sandbox circumvention.", "description_and_impact": "The vulnerability involves a privacy flaw where a sandboxed process can bypass macOS sandbox restrictions. It was addressed by removing the vulnerable code in Sequoia 15.6 and is classified as CWE-311, meaning sensitive data was handled without proper protection. Based on the description, it is inferred that an attacker controlling a sandboxed application could read or modify data that should be confined within the sandbox, potentially exposing confidential information.", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the description does not mention remote exploitation, it is inferred that the threat requires a sandboxed application to be run locally; remote attack is unlikely. The overall risk remains low to moderate."}}}}, "created": "2025-07-30T10:13:57.192249+00:00", "title": "Sandbox Escalation via Unprotected Sensitive Data in macOS", "updated": "2026-04-28T11:15:26.089858+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia"]}