CVE-2025-43195
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-11-03
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 13.7.7 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.7 (exc) |
| apple | macos | From 15.0 (inc) to 15.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to improper handling of environment variables in certain macOS versions. The issue was that environment variables were not properly validated, which could allow an application to access sensitive user data. The problem has been fixed by improving validation in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an application to access sensitive user data without proper authorization, potentially leading to privacy breaches or data leakage.
What immediate steps should I take to mitigate this vulnerability?
Update your system to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7 where this issue has been fixed with improved validation of environment variables to prevent unauthorized access to sensitive user data.