VYPR
Medium severity 5.5 · NVD Advisory · Published Nov 4, 2025 · Updated Apr 2, 2026

CVE-2025-43391

Description

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-43391 is a privacy issue in Apple OSes that allows an app to access sensitive user data via improper temporary file handling.

Vulnerability Description

CVE-2025-43391 is a privacy issue affecting Apple operating systems that was addressed with improved handling of temporary files. The root cause is related to how the system manages temporary file operations, which could allow an application to gain unintended access to sensitive user data. The issue is fixed in iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1 [1][2][3][4].

Exploitation

An attacker would need to have an app installed on a vulnerable device to exploit this issue. The app must be capable of interacting with the filesystem in a way that leverages the improper temporary file handling. No specific user interaction beyond running the app is required, and the attack can be performed locally. The exploitation does not require any special permissions beyond those normally granted to apps.

Impact

A successful exploit could allow the app to access sensitive user data, such as documents, credentials, or other private information stored on the device. The exact type of data accessible depends on the context of the temporary files and the user's activities. The impact is limited to data that is processed or stored in temporary files during normal system use.

Mitigation

The vulnerability is patched in the latest software updates released by Apple on November 3, 2025. Users are advised to update their devices to iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.1 as applicable. No other known mitigations are available.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Apple Inc./Ipados (2 versions)
    • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <26.1
    • (no CPE) range: <= 26.1
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: <26.1
  • Apple Inc./macOS (2 versions)
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* range: >=14.0,<14.8.2
    • (no CPE) range: <= 15.7.2
  • Range: <= 26.1

Patches

0

No patches discovered yet.

References

4