CVE-2025-43267 — Injection in Apple Macos

CWE-74 — Injection CWE-1284 — Improper Validation of Specified Quantity in Input5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos

Timeline

PublishedJul 30

Description

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. An app may be able to access sensitive user data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/macos< 15.6

▶NVDapple/macos< 15.6

🔴Vulnerability Details

GHSA

GHSA-gg5m-q45x-623f: An injection issue was addressed with improved validation↗2025-07-30

▶

CVEList

CVE-2025-43267: An injection issue was addressed with improved validation↗2025-07-29

▶

📋Vendor Advisories

Apple

CVE-2025-43267: macOS Sequoia 15.6↗2025-07-29

▶

Microsoft

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient valida↗2021-11-09

▶