CVE-2025-43318 — Missing Authorization in Apple Macos

CWE-862 — Missing Authorization4 documents4 sources

Severity

6.2MEDIUMNVD

EPSS

0.0%

top 94.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos

Timeline

PublishedSep 15

Latest updateSep 16

Description

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Tahoe 26. An app with root privileges may be able to access private information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.5 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5apple/macos< 26

▶NVDapple/macos< 26.0

🔴Vulnerability Details

GHSA

GHSA-w229-wmj8-39qx: This issue was addressed with additional entitlement checks↗2025-09-16

▶

CVEList

CVE-2025-43318: This issue was addressed with additional entitlement checks↗2025-09-15

▶

📋Vendor Advisories

Apple

CVE-2025-43318: macOS Tahoe 26↗2025-09-15

▶