CVE-2025-43482
published 2025-12-12


Priority: P2 · 77 · medium · 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
ITW: VulnCheck KEV (Exploited in the wild)
EPSS: 0.19% (8.6th percentile)

The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to cause a denial-of-service.

Affected

8 ranges

Vendor  Product        Version range        Fixed in
apple   macos          < 14.8.3             14.8.3
apple   macos          < 15.7.3             15.7.3
apple   macos          < 26.2               26.2
apple   macos          >= 14.0 < 14.8.3     14.8.3
apple   macos          >= 15.0 < 15.7.3     15.7.3
apple   macos_sequoia
apple   macos_sonoma
apple   macos_tahoe

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the Audio component of macOS; monitor for apps triggering abnormal Audio subsystem behavior or crashes (denial-of-service) on unpatched macOS versions prior to Sequoia 15.7.3, Sonoma 14.8.3, or Tahoe 26.2.
  • Root cause is insufficient input validation in the macOS Audio component; look for malformed or unexpected audio input being passed to the Audio subsystem by untrusted applications.
  • No public exploit code, hashes, network indicators, or file-level IOCs are disclosed in any source. Detection is limited to behavioral/version-based signals.
  • Affected component is 'Audio' across three macOS release trains (Sequoia, Sonoma, Tahoe); ensure patch applicability is checked per OS version in your fleet.

CVSS provenance

nvd        v3.1  5.5  MEDIUM  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vulncheck        5.5  MEDIUM