Low severity3.3NVD Advisory· Published Sep 15, 2025· Updated Apr 2, 2026

CVE-2025-43294

Description

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26, tvOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.

Affected products

Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <26.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2025/Sep/53nvd
support.apple.com/en-us/125110nvd
support.apple.com/en-us/125632nvd
support.apple.com/en-us/125637nvd
support.apple.com/en-us/125639nvd

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000