{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43313", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.106Z", "datePublished": "2025-10-15T20:00:48.540Z", "dateUpdated": "2026-04-02T18:24:29.140Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "13.7.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.7.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data."}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124150"}, {"url": "https://support.apple.com/en-us/124151"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:24:29.140Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-15T20:39:51.882805Z", "id": "CVE-2025-43313", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T20:41:24.199Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-15T20:39:51.882805Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-15T20:41:18.933Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "13.7.7", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "14.7.7", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "15.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124150"}, {"url": "https://support.apple.com/en-us/124151"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:24:29.140Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43313", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:24:29.140Z", "dateReserved": "2025-04-16T15:24:37.106Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-10-15T20:00:48.540Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "038B07DF-897A-4651-9B8F-2CE40307BE31", "versionEndExcluding": "13.7.7", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F043DE0-C517-463D-9693-53789EB6132D", "versionEndExcluding": "14.7.7", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF17CE2-DB4B-48D1-81AF-67EF1EC7BB45", "versionEndExcluding": "15.6", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data."}], "id": "CVE-2025-43313", "lastModified": "2026-04-02T19:20:24.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-15T20:15:35.290", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124149"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124150"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124151"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T23:40:28.698626+00:00", "value": {"mitigation_remediation": ["Upgrade the operating system to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7 to apply the vendor fix.", "Revoke or limit application permissions that access sensitive data via System Settings \u25ba Privacy & Security.", "Monitor system logs for unauthorized read attempts and consider enabling Gatekeeper or App Notarization controls for additional protection."], "summary": {"action": "Patch immediately", "impact": "Unauthorized access to sensitive user data"}, "threat_synthesis": {"affected_systems": "Apple macOS systems running versions prior to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7 are affected. The fix was delivered in those releases; any earlier macOS build remains vulnerable.", "description_and_impact": "A logic flaw involving restricted access controls has been identified in macOS. The issue allows a local application to gain read access to content and other sensitive data it should not ordinarily see. The vulnerability stems from a flaw in how the system enforces user\u2011level permissions, enabling an application to bypass those checks and obtain confidential information.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score is below 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local, requiring the attacker to run a malicious or compromised application on the target system. Given the weakness in access control (CWE\u2011284), exploitation would result in privileged read access to personal data rather than remote code execution or denial of service."}}}}, "created": "2025-10-20T13:25:23.882745+00:00", "title": "Logic flaw enables unauthorized access to sensitive user data in macOS", "updated": "2026-04-27T23:45:15.892057+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma", "apple$PRODUCT$macos_ventura"]}