{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43371", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.114Z", "datePublished": "2025-09-15T22:34:35.897Z", "dateUpdated": "2026-04-02T18:11:08.283Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "affected": [{"vendor": "Apple", "product": "Xcode", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."}], "references": [{"url": "https://support.apple.com/en-us/125117"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:08.283Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T13:40:41.659342Z", "id": "CVE-2025-43371", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T17:26:58.156Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/60"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:12:47.005Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/60"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:12:47.005Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43371", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-16T13:40:41.659342Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T13:40:44.380Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Xcode", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125117"}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to break out of its sandbox"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-09-15T22:34:35.897Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43371", "state": "PUBLISHED", "dateUpdated": "2025-11-03T18:12:47.005Z", "dateReserved": "2025-04-16T15:24:37.114Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:34:35.897Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "37CC7F40-CC3A-4AEB-9260-B621FE64735A", "versionEndExcluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox."}], "id": "CVE-2025-43371", "lastModified": "2025-11-03T19:16:05.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.8, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:38.770", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/60"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:15:05.465507+00:00", "value": {"mitigation_remediation": ["Upgrade Xcode to version 26 or later to apply the rollback fix.", "Verify that both the Xcode IDE and the associated command line tools are updated to the same version.", "If an upgrade cannot be performed immediately, restrict the build and deployment environment to limit exposure and monitor system logs for signs of sandbox escape attempts."], "summary": {"action": "Immediate Patch", "impact": "Sandbox escape leading to privilege escalation"}, "threat_synthesis": {"affected_systems": "Apple Xcode is the affected vendor. Versions prior to Xcode 26 are vulnerable, as the fix was applied in Xcode 26. The vulnerability is present in all builds of Xcode that precede version 26. No specific distribution revisions are listed, so every earlier release must be considered at risk.", "description_and_impact": "This vulnerability involves an improper privilege control flaw in Apple Xcode that could allow a compiled application to break out of its sandbox. The impact is that a malicious or compromised app could gain elevated privileges and execute actions beyond its intended isolation boundaries. The flaw maps to CWE\u2011284. No additional complexity is noted in the description.", "risk_and_exploitability": "The CVSS score of 8.2 indicates high severity. The EPSS score of less than 1% suggests the exploit is currently unlikely to be seen in the wild. The vulnerability is not currently in the CISA KEV catalog. The likely attack vector is local, via a malicious or compromised app built with the vulnerable Xcode version, which can then escape its sandbox to affect system resources or other applications."}}}}, "created": "2025-09-17T10:06:28.748249+00:00", "title": "Potential Sandbox Escape in Apple Xcode via Improper Privilege Control", "updated": "2026-04-28T00:30:15.450950+00:00", "vendors": ["apple", "apple$PRODUCT$xcode"]}