CVE-2025-43466 — Eval Injection in Apple Macos

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 12

Description

An injection issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

▶CVEListV5apple/macos< 26.1

▶NVDapple/macos< 26.1

CVEList

CVE-2025-43466: An injection issue was addressed with improved validation↗2025-12-12

▶

GHSA

GHSA-2v76-28wf-qm87: An injection issue was addressed with improved validation↗2025-12-12

▶

Apple

CVE-2025-43466: macOS Tahoe 26.1↗2025-11-03

▶

Wiz

CVE-2025-43466 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶