{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43310", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.105Z", "datePublished": "2025-09-15T22:34:31.974Z", "dateUpdated": "2026-04-02T18:10:36.351Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to trick a user into copying sensitive data to the pasteboard"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard."}], "references": [{"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/125111"}, {"url": "https://support.apple.com/en-us/125112"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:10:36.351Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-359", "lang": "en", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T18:55:54.796322Z", "id": "CVE-2025-43310", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T18:56:06.387Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/55"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:10:51.753Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/55"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:10:51.753Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43310", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-16T18:55:54.796322Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T18:44:13.336Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.8", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125112"}, {"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/125111"}], "descriptions": [{"lang": "en", "value": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to trick a user into copying sensitive data to the pasteboard"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-09-15T22:34:31.974Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43310", "state": "PUBLISHED", "dateUpdated": "2025-11-03T18:10:51.753Z", "dateReserved": "2025-04-16T15:24:37.105Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:34:31.974Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EF389A5-03CF-478D-9CE9-26556CBD4CEC", "versionEndExcluding": "14.8", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D37B8DD2-ECC6-469E-A1A3-148B98F9DEB6", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to trick a user into copying sensitive data to the pasteboard."}], "id": "CVE-2025-43310", "lastModified": "2026-04-02T19:20:23.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:34.087", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125110"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125111"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/55"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:16:26.136287+00:00", "value": {"mitigation_remediation": ["Install the latest macOS updates that contain the pasteboard fix, specifically macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26 and later.", "Use system settings or command\u2011line tools to limit clipboard sharing for untrusted applications where possible.", "Inform users to confirm the source of data before accepting it from the pasteboard and to be cautious of applications that request to copy sensitive information."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "The affected operating systems are Apple macOS releases prior to macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. Versions released after these updates incorporate additional restrictions that mitigate the issue. The vendor specifies that the fix applies to the aforementioned release branches, but earlier builds remain susceptible.", "description_and_impact": "A configuration issue in macOS permits an application to potentially deceive a user into copying sensitive information to the system pasteboard. This flaw allows the disclosure of data that a user did not explicitly intend to share. The weakness is classified as CWE\u2011359, indicating a sensitive data exposure vulnerability, and is reflected in a CVSS score of 4.4, which signifies moderate severity.", "risk_and_exploitability": "The low EPSS score of less than 1 percent suggests that exploitation is unlikely to be widespread at this time. The vulnerability is not listed in CISA's KEV catalog, further indicating that there are no known widespread attacks leveraging this flaw. Given that the attack likely relies on social engineering\u2014tricking a user into copying data\u2014the vector is local and requires user interaction. The CVSS rating indicates a moderate impact but the overall risk to a system is limited unless an attacker can convincingly manipulate user behavior."}}}}, "created": "2025-09-17T10:06:41.818199+00:00", "title": "Pasteboard Sensitive Data Exposure via User Tricking", "updated": "2026-04-28T00:30:15.452733+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma", "apple$PRODUCT$macos_tahoe"]}