{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43331", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.109Z", "datePublished": "2025-09-15T22:34:17.695Z", "dateUpdated": "2026-04-02T18:08:00.197Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access protected user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data."}], "references": [{"url": "https://support.apple.com/en-us/125110"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:08:00.197Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-862", "lang": "en", "description": "CWE-862 Missing Authorization"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T13:17:42.555055Z", "id": "CVE-2025-43331", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T13:17:47.003Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:11:27.562Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:11:27.562Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43331", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-16T13:17:42.555055Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T13:17:34.315Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125110"}], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access protected user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-09-15T22:34:17.695Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43331", "state": "PUBLISHED", "dateUpdated": "2025-11-03T18:11:27.562Z", "dateReserved": "2025-04-16T15:24:37.109Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:34:17.695Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94", "versionEndExcluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data."}], "id": "CVE-2025-43331", "lastModified": "2025-11-03T19:16:01.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:35.833", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:21:57.057479+00:00", "value": {"mitigation_remediation": ["Install macOS\u202fTahoe\u202f26 or newer to receive the fix that tightens code\u2011signing enforcement.", "Enable Gatekeeper\u2019s strict enforcement of signed applications (System Settings\u202f>\u202fPrivacy & Security\u202f>\u202fApp\u202fSecurity) to prevent the launch of unsigned or downgraded applications.", "Audit installed applications and remove any that have been added without proper code signing or that request elevated privileges."], "summary": {"action": "Patch", "impact": "Access to protected user data via privilege escalation"}, "threat_synthesis": {"affected_systems": "Affected versions are all macOS releases prior to macOS Tahoe\u00a026. The advisory lists Apple macOS as the sole vendor, with no specific version numbers provided beyond the mention that the fix is in Tahoe\u00a026.", "description_and_impact": "A downgrade flaw in macOS allowed prior bypass of code\u2011signing restrictions, giving an application elevated privileges to access protected user data. This is a privilege\u2011escalation vulnerability identified as CWE\u2011862. The flaw has been patched in macOS Tahoe\u00a026 with additional code\u2011signing checks. An attacker could exploit the weakness to run a malicious app that reads or manipulates sensitive information.", "risk_and_exploitability": "The CVSS score of\u202f4.0 and EPSS score of less than\u202f1% indicate a low severity and a small probability of exploitation. The flaw is not listed in the CISA KEV catalog, suggesting that widespread or targeted exploitation has not been observed. Because the flaw requires local installation of a downgraded application, the likely attack vector is a local user or an attacker with physical or remote access who can install software. This positions the vulnerability as a low\u2011risk privilege escalation that could lead to unauthorized data access."}}}}, "created": "2025-09-17T10:06:42.830393+00:00", "title": "Privilege Escalation Exploit Grants Access to Protected User Data in macOS", "updated": "2026-04-28T00:30:15.457535+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}