Main Vulnerability Database Vulnerabilities #VU119927

#VU119927 Improper input validation in macOS - CVE-2025-43410

Published: December 13, 2025 / Updated: December 13, 2025

Vulnerability identifier: #VU119927

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-43410

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
macOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker with physical access to the system to gain access to sensitive information.

The vulnerability exists due to insufficient input validation in Notes. An attacker with physical access to the system can view deleted notes.

Install update from vendor's website.