Main Vulnerability Database Vulnerabilities #VU113530

Improper error handling in macOS - CVE-2025-43276

Published: July 31, 2025 / Updated: July 31, 2025

Vulnerability identifier: #VU113530

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-43276

CWE-ID: CWE-388

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper error handling in the OS kernel. The iCloud Private Relay may not be activated when more than one user is logged in at the same time, leading to information disclosure.

How to mitigate CVE-2025-43276

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/124149

Improper error handling in macOS - CVE-2025-43276

Detailed vulnerability description

How to mitigate CVE-2025-43276

Sources

Please verify you're human