VDB

CISA-2025-43448

CISA-2025-43448 PUBLISHED CVSS 6.3 MEDIUM

Reported by apple · Published November 4, 2025

This issue was addressed with improved validation of symlinks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to break out of its sandbox.

Risk Scores

CVSS 3.1
6.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Affected Products

VendorProductVersions
ApplemacOSunspecified
AppletvOSunspecified
ApplemacOSunspecified
ApplevisionOSunspecified
ApplewatchOSunspecified
ApplemacOSunspecified
AppleiOS and iPadOSunspecified
AppleiOS and iPadOSunspecified
ApplemacOSunspecified, unspecified, unspecified
ApplewatchOSunspecified, unspecified
ApplevisionOS*, *
AppletvOS*, unspecified
AppleiOS and iPadOSunspecified, unspecified, unspecified

Timeline

  • Nov 4, 2025 CVE Published
  • Dec 17, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›