{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43380", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.115Z", "datePublished": "2025-11-04T01:17:17.928Z", "dateUpdated": "2026-04-02T18:21:58.350Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Parsing a file may lead to an unexpected app termination"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.2", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination."}], "references": [{"url": "https://support.apple.com/en-us/125634"}, {"url": "https://support.apple.com/en-us/125635"}, {"url": "https://support.apple.com/en-us/125636"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:58.350Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-15T04:56:20.681367Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:47:33.967Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-15T04:56:20.681367Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T14:29:31.320Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "14.8.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "15.7.2", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "26.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125634"}, {"url": "https://support.apple.com/en-us/125635"}, {"url": "https://support.apple.com/en-us/125636"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Parsing a file may lead to an unexpected app termination"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:58.350Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43380", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:21:58.350Z", "dateReserved": "2025-04-16T15:24:37.115Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-11-04T01:17:17.928Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9827CBDC-8C03-46BA-B534-8533F0975804", "versionEndExcluding": "14.8.2", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE8199E-63D1-496C-B107-52853CFC2311", "versionEndExcluding": "15.7.2", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination."}], "id": "CVE-2025-43380", "lastModified": "2026-04-02T19:20:36.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-04T02:15:45.097", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125634"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125635"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125636"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:28:10.695939+00:00", "value": {"mitigation_remediation": ["Upgrade macOS to Sequoia 15.7.2 or later, Sonoma 14.8.2 or later, or Tahoe 26.1 or later to apply the fixed input validation", "Configure macOS to automatically install security updates", "Restrict the use of applications that parse files to only trusted sources, or isolate them in a sandboxed environment"], "summary": {"action": "Upgrade", "impact": "Out\u2011of\u2011Bounds Write leading to unexpected app termination"}, "threat_synthesis": {"affected_systems": "Apple macOS is affected. The issue has been resolved in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Systems running earlier releases of any of these macOS families are vulnerable and must be updated to the specified fixed versions.", "description_and_impact": "An out\u2011of\u2011bounds write vulnerability was identified in macOS that occurs during file parsing. The flaw, classified as CWE\u2011787, allows a malformed file to corrupt memory, causing the target application to terminate unexpectedly. The primary consequence is a denial\u2011of\u2011service effect for the affected application, compromising availability rather than confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation at the current time, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is a local or remote application that parses user\u2011supplied files; an attacker must supply a crafted file that triggers the out\u2011of\u2011bounds write, leading to application crash. No mention of remote code execution or privilege escalation is provided, so the risk remains confined to local denial of service for the apps that process the file."}}}}, "created": "2025-11-04T16:34:44.029683+00:00", "title": "Out\u2011of\u2011Bounds Write Leading to Unexpected App Termination in macOS File Parsing", "updated": "2026-04-28T10:30:29.023552+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma"]}