CVE-2025-43327 — User Interface (UI) Misrepresentation of Critical Information in Apple Macos

CWE-451 — User Interface (UI) Misrepresentation of Critical Information5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Safari

Timeline

PublishedSep 15

Latest updateSep 16

Description

The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5apple/macos< 26

▶NVDapple/macos< 26.0

▶CVEListV5apple/safari< 26

▶NVDapple/safari< 26.0

🔴Vulnerability Details

GHSA

GHSA-chxg-5mcw-m68q: The issue was addressed by adding additional logic↗2025-09-16

▶

CVEList

CVE-2025-43327: The issue was addressed by adding additional logic↗2025-09-15

▶

📋Vendor Advisories

Apple

CVE-2025-43327: macOS Tahoe 26↗2025-09-15

▶

Apple

CVE-2025-43327: Safari 26↗2025-09-15

▶