VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Oct 15, 2025· Updated Apr 2, 2026

CVE-2025-43313

CVE-2025-43313

Description

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logic issue in macOS allows an app to access sensitive user data; fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7.

Vulnerability

Overview

CVE-2025-43313 is a logic issue in macOS that could allow an app to access sensitive user data. Apple addressed the flaw with improved restrictions, as described in the official advisory [1][2][3]. The root cause is a logic flaw that bypasses normal access controls.

Exploitation

An app with local execution privileges could exploit this logic issue to gain unauthorized access to sensitive user data. No additional authentication or network access is required beyond the ability to run an app on the affected system. Apple has not disclosed further technical details to protect users while updates are deployed [1][2][3].

Impact

Successful exploitation could lead to disclosure of sensitive user data, such as personal files or credentials, depending on the app's capabilities. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and potential for confidentiality impact.

Mitigation

Apple has released security updates for macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 to fix this issue [1][2][3]. Users are strongly advised to apply the latest updates to protect their systems.

References
  1. About the security content of macOS Sequoia 15.6 - Apple Support
  2. About the security content of macOS Sonoma 14.7.7 - Apple Support
  3. About the security content of macOS Ventura 13.7.7 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=13.0,<13.7.7
    • (no CPE)range: <=15.5, <=14.7.6, <=13.7.6

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.