CVE-2025-43276Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Macos

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 71.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Macos
Timeline
PublishedJul 30

Description

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5apple/macos< 15.6
NVDapple/macos< 15.6

🔴Vulnerability Details

2
GHSA
GHSA-xv2q-4cq2-h5pc: A logic error was addressed with improved error handling2025-07-30
CVEList
CVE-2025-43276: A logic error was addressed with improved error handling2025-07-29

📋Vendor Advisories

1
Apple
CVE-2025-43276: macOS Sequoia 15.62025-07-29
CVE-2025-43276 — Apple Macos vulnerability | cvebase