Login Sign Up

CVE-2025-43273

9.1 CRITICAL

📋 TL;DR

A sandbox escape vulnerability in macOS allows sandboxed processes to bypass security restrictions. This affects macOS systems running versions before Sonoma 14.8. Attackers could potentially execute arbitrary code with elevated privileges.

💻 Affected Systems

Products:
  • macOS
Versions: Versions before macOS Sonoma 14.8
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with sandboxed applications running. The vulnerability is in the macOS sandbox implementation itself.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to execute arbitrary code with kernel-level privileges, install persistent malware, or access sensitive data across the system.

🟠

Likely Case

Local privilege escalation allowing attackers to break out of application sandboxes and gain unauthorized access to system resources or user data.

🟢

If Mitigated

Limited impact if proper application sandboxing and least privilege principles are already implemented, though some bypass may still occur.

🌐 Internet-Facing: LOW with brief explanation
🏢 Internal Only: HIGH with brief explanation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to execute code within a sandboxed process. No public exploit code has been identified in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sonoma 14.8

Vendor Advisory: https://support.apple.com/en-us/125112

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click 'General'
3. Click 'Software Update'
4. Install macOS Sonoma 14.8 update
5. Restart the system when prompted

🔧 Temporary Workarounds

Restrict application execution

all

Limit execution of untrusted applications and use application allowlisting

🧯 If You Can't Patch

  • Implement strict application sandboxing policies and monitor for unusual process behavior
  • Use endpoint detection and response (EDR) solutions to detect sandbox escape attempts

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is earlier than Sonoma 14.8, the system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows 'Sonoma 14.8' or later in System Settings > General > About.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawning from sandboxed applications
  • System integrity protection (SIP) violations
  • Unexpected privilege escalation events

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

process where parent_process_name contains sandboxed_app and process_name not in expected_sandbox_processes

📊 Metadata

CVE ID: CVE-2025-43273
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-693
EPSS Score: 0.05% exploit probability (14.3th percentile)
Published: July 30, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-43273, you might also want to check these:

CVE-2023-31273 10.0

This vulnerability in Intel Data Center Manager (DCM) software allows unauthenticated attackers to b...

Same vulnerability type (CWE-693)
CVE-2021-32835 9.9

CVE-2021-32835 is a sandbox escape vulnerability in Eclipse Keti that allows authenticated attackers...

Same vulnerability type (CWE-693)
CVE-2025-68668 9.9

This CVE describes a sandbox bypass vulnerability in n8n's Python Code Node that allows authenticate...

Same vulnerability type (CWE-693)