{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-43230","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2025-04-16T15:24:37.091Z","datePublished":"2025-07-29T23:35:52.786Z","dateUpdated":"2026-04-02T18:21:13.598Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to access user-sensitive data"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"18.6","versionType":"custom"}]},{"vendor":"Apple","product":"iPadOS","versions":[{"version":"0","status":"affected","lessThan":"17.7.9","versionType":"custom"}]},{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"15.6","versionType":"custom"}]},{"vendor":"Apple","product":"tvOS","versions":[{"version":"0","status":"affected","lessThan":"18.6","versionType":"custom"}]},{"vendor":"Apple","product":"visionOS","versions":[{"version":"0","status":"affected","lessThan":"2.6","versionType":"custom"}]},{"vendor":"Apple","product":"watchOS","versions":[{"version":"0","status":"affected","lessThan":"11.6","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data."}],"references":[{"url":"https://support.apple.com/en-us/124147"},{"url":"https://support.apple.com/en-us/124148"},{"url":"https://support.apple.com/en-us/124149"},{"url":"https://support.apple.com/en-us/124153"},{"url":"https://support.apple.com/en-us/124154"},{"url":"https://support.apple.com/en-us/124155"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:21:13.598Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-07-30T17:15:32.019237Z","id":"CVE-2025-43230","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-30T17:15:40.404Z"}},{"title":"CVE Program Container","references":[{"url":"http://seclists.org/fulldisclosure/2025/Jul/37"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/35"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/32"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/31"},{"url":"http://seclists.org/fulldisclosure/2025/Jul/30"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T20:02:05.416Z"}}]}}