CVE-2025-43516 — Session Fixation in Apple Macos

CWE-384 — Session Fixation7 documents5 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 96.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos

Timeline

PublishedDec 12

Description

A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5apple/macos< 14.8.3+2

▶NVDapple/macos15.0 — 15.7.3+1

🔴Vulnerability Details

CVEList

CVE-2025-43516: A session management issue was addressed with improved checks↗2025-12-12

▶

GHSA

GHSA-g7qx-4r9v-657r: A session management issue was addressed with improved checks↗2025-12-12

▶

📋Vendor Advisories

Apple

CVE-2025-43516: macOS Sequoia 15.7.3↗2025-12-12

▶

Apple

CVE-2025-43516: macOS Sonoma 14.8.3↗2025-12-12

▶

Apple

CVE-2025-43516: macOS Tahoe 26.2↗2025-12-12

▶

🕵️Threat Intelligence

Wiz

CVE-2025-43516 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶