{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43340", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.110Z", "datePublished": "2025-09-15T22:34:43.601Z", "dateUpdated": "2026-04-02T18:12:44.341Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox."}], "references": [{"url": "https://support.apple.com/en-us/125110"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:12:44.341Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T17:44:54.952562Z", "id": "CVE-2025-43340", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T18:13:04.075Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:11:33.530Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43340", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-16T17:44:54.952562Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T18:13:00.331Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125110"}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-09-15T22:34:43.601Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43340", "state": "PUBLISHED", "dateUpdated": "2025-09-16T18:13:04.075Z", "dateReserved": "2025-04-16T15:24:37.110Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:34:43.601Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94", "versionEndExcluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox."}], "id": "CVE-2025-43340", "lastModified": "2025-11-03T19:16:02.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:36.273", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:12:10.336235+00:00", "value": {"mitigation_remediation": ["Upgrade the operating system to macOS Tahoe 26 or later to receive the vendor fix that restores proper permission checks. ", "If an upgrade is not immediately possible, audit the sandbox configuration and remove any unnecessary entitlements or file access permissions for the affected application to reduce the surface area of escape. ", "Enable Gatekeeper, enforce app notarization, and limit network and file system permissions for all applications until the patch is applied, thereby limiting the ability of a malicious app to escape the sandbox."], "summary": {"action": "Apply Patch", "impact": "Sandbox Escape / Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects systems running Apple macOS before macOS Tahoe 26. This includes all earlier macOS releases where the sandbox permission checks were insufficient. The patch is delivered in macOS Tahoe 26, thus users on earlier macOS versions are potentially vulnerable.", "description_and_impact": "A permissions issue in macOS, addressed by adding further restrictions, can allow an application to break out of its sandbox. The flaw is an authorization bypass that grants excessive privileges to the sandboxed process, enabling code execution beyond the intended confinement boundaries. This type of weakness can allow an attacker to compromise system integrity and confidentiality by running code with elevated privileges.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity of the flaw. The EPSS score of < 1% suggests that exploitation is currently rare, and the vulnerability is not listed in CISA KEV, which further reduces the likelihood of current active attacks. The likely attack vector is local, requiring the malicious application to be executed on the targeted machine with the ability to request elevated permissions during sandbox setup. Given the high potential impact and low exploitation probability, stakeholders should plan remediation promptly."}}}}, "created": "2025-09-17T10:06:35.565528+00:00", "title": "macOS Sandbox Escape via Permission Misconfiguration", "updated": "2026-04-28T00:15:05.521700+00:00", "vendors": ["apple", "apple$PRODUCT$macos"]}