Medium severity 5.5 · NVD Advisory · Published Sep 15, 2025 · Updated Apr 2, 2026

CVE-2025-43317

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A permissions issue in Apple operating systems, addressed with improved symlink validation, could allow an app to access sensitive user data.

CVE-2025-43317 is a permissions issue present in multiple Apple operating systems, including macOS Tahoe, iOS/iPadOS, tvOS, visionOS, and watchOS. The root cause is insufficient validation of symlinks, which could allow an app to bypass privacy preferences and access sensitive user data [1]. The vulnerability was addressed by adding additional restrictions in the respective OS updates.

To exploit this vulnerability, an attacker would need to have an app installed on the target device. No special authentication or network position is required beyond the app's existing entitlements. The app could leverage the inadequate symlink validation to gain unauthorized access to sensitive data stored on the device.

Successful exploitation could lead to the disclosure of sensitive user data, such as location information, contacts, or other protected data. The impact varies by platform, but the common outcome is that an app can access data it should not be able to.

Apple released patches for this vulnerability on September 15, 2025, in macOS Tahoe 26, iOS 26, iPadOS 26, tvOS 26, visionOS 26, and watchOS 26 [1][4]. Users are strongly encouraged to update their devices to the latest OS versions to mitigate the risk.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Apple Inc./Ipados (2 versions)
    cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, range: <26.0
    • (no CPE), range: =26
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <26.0
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
    Range: <26.0
  • Apple Inc./tvOS (2 versions)
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*, range: <26.0
    • (no CPE), range: =26
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*, range: <26.0
    • (no CPE), range: =26
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* (+ 1 more)
    • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*, range: <26.0
    • (no CPE), range: =26
  • Range: =26
  • Range: =26

Patches

0

No patches discovered yet.

References

8
