CVE-2025-43298
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8 (exc) |
| apple | macos | From 15.0 (inc) to 15.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-41 | The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a parsing issue in the handling of directory paths. It means that the system did not properly validate directory paths, which could be exploited by an app to gain root privileges. The issue has been fixed by improving path validation in certain macOS versions.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an app to gain root privileges, which means it could execute actions with the highest level of system access, potentially compromising the entire system's security and integrity.
What immediate steps should I take to mitigate this vulnerability?
Apply the security updates provided by Apple for macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26 to fix the parsing issue and prevent potential root privilege escalation.