VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Dec 12, 2025· Updated Apr 2, 2026

CVE-2025-43463

CVE-2025-43463

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A directory path parsing vulnerability in macOS allows an app to access sensitive user data; fixed in Sequoia 15.7.3, Sonoma 14.8.3, and Tahoe 26.1.

Root

Cause A parsing issue in the handling of directory paths was identified in multiple macOS versions. The flaw allowed improper validation of directory paths, potentially enabling an application to read files or data it should not have access to. Apple addressed this by improving path validation mechanisms [1][2][3].

Exploitation

An attacker would need to run a malicious app on the affected system; no special privileges or network access beyond local execution are required. The app could then leverage the path parsing bug to access sensitive user data outside its intended sandbox or restrictions.

Impact

Successful exploitation could lead to unauthorized access to sensitive user information, such as documents, credentials, or other private data stored on the device. This vulnerability is classified as medium severity with a CVSS v3 score of 5.5.

Mitigation

Apple has released security updates to fix this issue in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, and macOS Tahoe 26.1. Users should apply these updates promptly to protect their devices [1][2][3].

References
  1. About the security content of macOS Tahoe 26.1 - Apple Support
  2. About the security content of macOS Sequoia 15.7.3 - Apple Support
  3. About the security content of macOS Sonoma 14.8.3 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: <14.8.3
    • (no CPE)range: fixed in 15.7.3, 14.8.3, 26.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.