{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-43311","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2025-04-16T15:24:37.105Z","datePublished":"2025-09-15T22:34:27.671Z","dateUpdated":"2026-04-02T18:08:42.143Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"An app may be able to access protected user data"}]}],"affected":[{"vendor":"Apple","product":"macOS","versions":[{"version":"0","status":"affected","lessThan":"14.8","versionType":"custom"},{"version":"0","status":"affected","lessThan":"15.7","versionType":"custom"},{"version":"0","status":"affected","lessThan":"26","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data."}],"references":[{"url":"https://support.apple.com/en-us/125110"},{"url":"https://support.apple.com/en-us/125111"},{"url":"https://support.apple.com/en-us/125112"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:08:42.143Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"CWE-862 Missing Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.1,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","integrityImpact":"LOW","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-09-16T15:53:03.228006Z","id":"CVE-2025-43311","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-09-16T15:53:06.334Z"}},{"title":"CVE Program Container","references":[{"url":"http://seclists.org/fulldisclosure/2025/Sep/55"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/54"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/53"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T18:10:54.575Z"}}]}}