{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43482", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.127Z", "datePublished": "2025-12-12T20:56:49.675Z", "dateUpdated": "2026-04-02T18:21:54.206Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to cause a denial-of-service"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.3", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.3", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service."}], "references": [{"url": "https://support.apple.com/en-us/125886"}, {"url": "https://support.apple.com/en-us/125887"}, {"url": "https://support.apple.com/en-us/125888"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:54.206Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T00:56:56.879246Z", "id": "CVE-2025-43482", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T00:57:19.741Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43482", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-15T00:56:56.879246Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T00:56:46.644Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "14.8.3", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "15.7.3", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "26.2", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125886"}, {"url": "https://support.apple.com/en-us/125887"}, {"url": "https://support.apple.com/en-us/125888"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to cause a denial-of-service"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:54.206Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43482", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:21:54.206Z", "dateReserved": "2025-04-16T15:24:37.127Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-12-12T20:56:49.675Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4928B54-3EBC-486A-915B-F20333B30466", "versionEndExcluding": "14.8.3", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D", "versionEndExcluding": "15.7.3", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service."}], "id": "CVE-2025-43482", "lastModified": "2026-04-02T19:20:53.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-12-12T21:15:55.283", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125886"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125887"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125888"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:33:49.957128+00:00", "value": {"mitigation_remediation": ["Upgrade the system to macOS Sequoia\u202f15.7.3, Sonoma\u202f14.8.3, or Tahoe\u202f26.2 to apply the official fix.", "If an immediate upgrade is not feasible, restrict execution of untrusted third\u2011party applications until the patch can be applied.", "Enable and review system logs for application crashes or abnormal termination that may indicate exploitation attempts."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Apple macOS releases prior to Sequoia\u202f15.7.3, Sonoma\u202f14.8.3, and Tahoe\u202f26.2 are vulnerable. Upgrading to any of those patched releases eliminates the flaw.", "description_and_impact": "The vulnerability is an input validation flaw classified as CWE\u201120. An application can supply malformed data that triggers a denial\u2011of\u2011service condition, causing the system or applications to crash or become unresponsive. This results in a loss of availability for the affected host.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity. An EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or requires a malicious application; based on the description, it is inferred that no remote exploitation path is disclosed."}}}}, "created": "2025-12-14T21:16:09.858690+00:00", "title": "macOS Input Validation Vulnerability Causing Denial of Service", "updated": "2026-04-28T18:45:15.971046+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma"]}