CVE-2025-43259
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-11-03
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | to 13.7.7 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.7 (exc) |
| apple | macos | From 15.0 (inc) to 15.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-359 | The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker with physical access to a locked device to potentially view sensitive user information due to insufficient redaction of that information. The issue was addressed by improving the redaction process to better protect sensitive data.
How can this vulnerability impact me? :
If an attacker gains physical access to your locked device, they may be able to see sensitive user information that should be protected, potentially leading to privacy breaches or unauthorized disclosure of personal data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your macOS devices are updated to the fixed versions: macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. Additionally, restrict physical access to locked devices to prevent attackers from viewing sensitive user information.