SB2025073055 - Multiple vulnerabilities in Apple macOS Ventura
Published: July 30, 2025 Updated: October 16, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2025-43193)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in SecurityAgent. A local application can cause a denial-of-service.
2) Information exposure through log files (CVE-ID: CVE-2025-43225)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to inclusion of sensitive information into a log file in Notes. A local application can access sensitive user data.
3) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43266)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in NSSpellChecker. A local application can break out of its sandbox.
4) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43247)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can trick the victim into opening a specially crafted file and modify the contents of system files.
5) Improper access control (CVE-ID: CVE-2025-43194)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in PackageKit. A local application can modify protected parts of the file system.
6) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43241)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in SceneKit. A local application can trick the victim into opening a specially crafted file and read files outside of its sandbox.
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in SharedFileList. A local application can break out of its sandbox.
8) Improper access control (CVE-ID: CVE-2025-43197)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Single Sign-On. A local application can access sensitive user data.
9) Memory corruption (CVE-ID: CVE-2025-43239)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in sips. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination.
10) Permissions, privileges, and access controls (CVE-ID: CVE-2025-43243)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in Software Update. A local application can modify protected parts of the file system.
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to incorrect handling of path names in System Settings. A local application can trick the victim into opening a specially crafted file and access protected user data.
12) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-43259)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.
The vulnerability exists due to excessive data output in WindowServer. An attacker with physical access to the system can view sensitive user information.
13) Improper input validation (CVE-ID: CVE-2025-43238)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in Xsan. A local application can cause unexpected system termination.
14) Improper access control (CVE-ID: CVE-2025-43270)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Notes. A local application can Local Network.
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to incorrect handling of path names in libxpc. A local application can gain root privileges.
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of path names in Admin Framework. A local application can cause a denial-of-service.
17) Improper input validation (CVE-ID: CVE-2025-43199)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in Core Services. A local application can gain root privileges.
18) Memory corruption (CVE-ID: CVE-2025-43186)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in afclip. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected app termination.
19) State issues (CVE-ID: CVE-2025-43244)
CWE-ID: CWE-371 - State Issues
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a state management issue in AMD. A local application can cause unexpected system termination.
20) Permissions, privileges, and access controls (CVE-ID: CVE-2025-31243)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in AppleMobileFileIntegrity. A local application can gain root privileges.
21) Improper access control (CVE-ID: CVE-2025-43249)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in AppleMobileFileIntegrity. A local application can gain root privileges.
22) Cryptographic issues (CVE-ID: CVE-2025-43245)
CWE-ID: CWE-310 - Cryptographic Issues
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a cryptographic issue in AppleMobileFileIntegrity. A local application can access protected user data.
23) Use-after-free (CVE-ID: CVE-2025-43222)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the CFNetwork component. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.
24) Improper input validation (CVE-ID: CVE-2025-43223)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient input validation in CFNetwork. A local user can modify restricted network settings.
25) Improper link resolution before file access ('link following') (CVE-ID: CVE-2025-43220)
CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insecure symbolic link following in copyfile. A local application can access protected user data.
26) Memory corruption (CVE-ID: CVE-2025-43210)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in CoreMedia. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination or corrupt process memory.
27) Improper input validation (CVE-ID: CVE-2025-43195)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to insufficient input validation in CoreServices. A local application can access sensitive user data.
28) OS Command Injection (CVE-ID: CVE-2025-43187)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper input validation. A local user can run the hdiutil command to execute arbitrary code on the system.
29) Improper input validation (CVE-ID: CVE-2025-43254)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in file. A local application can trick the victim into opening a specially crafted file and perform unexpected app termination.
30) Improper access control (CVE-ID: CVE-2025-43261)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in File Bookmark. A local application can break out of its sandbox.
31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-31279)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to fingerprint the user.
The vulnerability exists due to improperly imposed security restrictions in Find My feature. A local application can gain access to sensitive information.
32) Memory corruption (CVE-ID: CVE-2025-43255)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can cause unexpected system termination.
33) Memory corruption (CVE-ID: CVE-2025-43209)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ICU. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected Safari crash.
34) Input validation error (CVE-ID: CVE-2025-24224)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the OS kernel. A local application can perform a denial of service (DoS) attack.
35) State Issues (CVE-ID: CVE-2025-24119)
CWE-ID: CWE-371 - State Issues
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a state management issue in the Finder application. A local app can execute arbitrary code out of its sandbox or with certain elevated privileges.
36) Race condition (CVE-ID: CVE-2025-43275)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in NetAuth. A local application can exploit the race and break out of its sandbox.
37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-43232)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improperly imposed security restrictions in PackageKit. A local application can bypass certain Privacy preferences.
38) Type confusion (CVE-ID: CVE-2025-43236)
CWE-ID: CWE-843 - Type confusion
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in Power Management. A local user can trigger a type confusion error and perform a denial of service (DoS) attack.
39) Information disclosure (CVE-ID: CVE-2025-43233)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the Security component. A local application acting as a HTTPS proxy can get access to sensitive user data.
40) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-43184)
CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations
CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to a missing consent prompt in Shortcuts. An attacker can trick the victim into executing a specially crafted shortcut and bypass sensitive Shortcuts app settings.
41) Memory corruption (CVE-ID: CVE-2025-43284)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in GPU Drivers. A local application can cause unexpected system termination.
42) Improper access control (CVE-ID: CVE-2025-43313)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in CoreServices. A local application can access sensitive user data.
43) Resource management error (CVE-ID: CVE-2025-43282)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the OS kernel. A local application can cause unexpected system termination.
Remediation
Install update from vendor's website.