CVE-2025-43387 – A permissions vulnerability in macOS allows mal... (How to Fix)

Q: What is the severity of CVE-2025-43387?

CVE-2025-43387 has a CVSS score of 7.8 (HIGH). A permissions vulnerability in macOS allows malicious applications to escalate privileges to root access. This affects macOS systems running versions before the security updates. Users who install untrusted applications are at risk.

📋 TL;DR

A permissions vulnerability in macOS allows malicious applications to escalate privileges to root access. This affects macOS systems running versions before the security updates. Users who install untrusted applications are at risk.

💻 Affected Systems

Products:

macOS

Versions: Versions before macOS Sequoia 15.7.2 and macOS Tahoe 26.1

Operating Systems: macOS

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user to install and run a malicious application. Gatekeeper and other macOS security features may provide some protection.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing installation of persistent malware, data theft, and system modification.

🟠

Likely Case

Local privilege escalation where a malicious app gains full system control after user installation.

🟢

If Mitigated

Limited impact if users only install trusted applications from official sources and have proper endpoint protection.

🌐 Internet-Facing: LOW

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user interaction to install malicious application. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.7.2 or macOS Tahoe 26.1

Vendor Advisory: https://support.apple.com/en-us/125634

Restart Required: Yes

Instructions:

1. Open System Settings 2. Click General 3. Click Software Update 4. Install available updates 5. Restart when prompted

🔧 Temporary Workarounds

Restrict Application Installation

macos

Configure macOS to only allow apps from the App Store and identified developers

🧯 If You Can't Patch

Restrict user privileges and implement application allowlisting
Use endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check macOS version in System Settings > General > About. If version is earlier than Sequoia 15.7.2 or Tahoe 26.1, system is vulnerable.

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows Sequoia 15.7.2 or Tahoe 26.1 or later in System Settings > General > About.

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events in system logs
Processes running with unexpected root privileges

Network Indicators:

Unusual outbound connections from system processes

SIEM Query:

process where parent_process_name contains "installer" and process_name contains "sudo" or "su"

📊 Metadata

CVE ID: CVE-2025-43387

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-863

EPSS Score: 0.02% exploit probability (2.6th percentile)

Published: November 4, 2025

Last Updated: December 17, 2025

🔗 References

https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125635 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-43387, you might also want to check these: