CVE-2025-43237 - OpenCVE

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apple	Macos Macos Sequoia

Configuration 1 [-]

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Jul/32
https://support.apple.com/en-us/124149

History

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Jul/32

Fri, 01 Aug 2025 14:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:apple:macos::::::::

Wed, 30 Jul 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 30 Jul 2025 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Apple macos Sequoia
Vendors & Products		Apple Apple macos Apple macos Sequoia

Wed, 30 Jul 2025 00:15:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6. An app may be able to cause unexpected system termination.
References		https://support.apple.com/en-us/124149

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-07-29T23:54:46.917Z

Updated: 2025-11-03T20:02:22.014Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43237

Vulnrichment

Updated: 2025-11-03T20:02:22.014Z

NVD

Status : Modified

Published: 2025-07-30T00:15:35.677

Modified: 2025-11-03T20:18:55.580

Link: CVE-2025-43237

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object