CVE-2025-43390

5.5 MEDIUM

📋 TL;DR

A code-signing downgrade vulnerability in Intel-based Mac computers allows a malicious app to bypass security restrictions and access sensitive user data. It affects macOS versions before the fixed releases (macOS Sequoia 15.7.2 and macOS Tahoe 26.1). Users with Intel-based Macs running an unpatched macOS version are at risk.

💻 Affected Systems

Products:
  • macOS
Versions: Versions before macOS Sequoia 15.7.2 and macOS Tahoe 26.1
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Intel-based Mac computers, not Apple Silicon Macs.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creatives, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Malicious app gains unauthorized access to sensitive user data like passwords, financial information, or personal documents through bypassed security controls.

🟠

Likely Case

Malicious app accesses limited user data or system information by exploiting code-signing downgrade to run with elevated privileges.

🟢

If Mitigated

App sandboxing and other macOS security layers limit data exposure even if downgrade occurs.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install/run malicious app; exploitation depends on bypassing code-signing restrictions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.7.2, macOS Tahoe 26.1

Vendor Advisory: https://support.apple.com/en-us/125634

Restart Required: Yes

Instructions:

1. Open System Settings
2. Click General
3. Click Software Update
4. Install available updates
5. Restart when prompted

🔧 Temporary Workarounds

Restrict App Installation Sources


In System Settings, allow apps only from the App Store and identified developers

🧯 If You Can't Patch

  • Use application allowlisting to restrict which apps can run
  • Implement strict user privilege management and avoid admin accounts for daily use

🔍 How to Verify

Check if Vulnerable:

Check the macOS version under System Settings > General > About, and the processor type (Intel or Apple Silicon) under About This Mac

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version is 15.7.2 or later for Sequoia, or 26.1 or later for Tahoe
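The version and processor checks above can be scripted so a fleet inventory can be triaged consistently. The following POSIX shell script is an added example, not part of the advisory or an Apple tool; it assumes plain numeric dotted version strings as printed by sw_vers -productVersion, and uses uname -m to distinguish Intel (x86_64) from Apple Silicon (arm64). The fixed versions are the two listed on this page; for other macOS branches the advisory lists no fix, so the script reports them separately rather than guessing.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Mac for CVE-2025-43390
# from its macOS version and CPU architecture.

# Compare two dotted numeric versions; prints -1, 0 or 1.
version_cmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        [ -z "$ai" ] && ai=0          # missing component counts as 0 (15.7 == 15.7.0)
        [ -z "$bi" ] && bi=0
        if [ "$ai" -lt "$bi" ]; then printf '%s\n' -1; return; fi
        if [ "$ai" -gt "$bi" ]; then printf '%s\n' 1; return; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    printf '%s\n' 0
}

# Prints one of: not-affected, patched, vulnerable, unknown-branch.
#   $1 = macOS product version (e.g. 15.7.1), $2 = architecture from uname -m
cve_2025_43390_status() {
    ver="$1"; arch="$2"
    # The advisory scopes this CVE to Intel-based Macs only.
    [ "$arch" = "x86_64" ] || { printf '%s\n' not-affected; return; }
    major="${ver%%.*}"
    case "$major" in
        15) fixed="15.7.2" ;;   # macOS Sequoia fix version from the advisory
        26) fixed="26.1" ;;     # macOS Tahoe fix version from the advisory
        *)  printf '%s\n' unknown-branch; return ;;  # no fix listed on this page
    esac
    if [ "$(version_cmp "$ver" "$fixed")" -ge 0 ]; then
        printf '%s\n' patched
    else
        printf '%s\n' vulnerable
    fi
}

# When run on a Mac, read the live values. Note: a shell running under
# Rosetta 2 reports x86_64 from uname -m, so run this natively.
if [ "$(uname -s 2>/dev/null)" = "Darwin" ]; then
    cve_2025_43390_status "$(sw_vers -productVersion)" "$(uname -m)"
fi
```

Run it directly on each Intel Mac, or feed inventory data into cve_2025_43390_status from a management tool; any host reporting "vulnerable" needs the update from the Fix section.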

📡 Detection & Monitoring

Log Indicators:

  • Unusual code-signing validation failures in system logs
  • Unexpected app execution with elevated privileges

Network Indicators:

  • Unusual outbound connections from newly installed apps

SIEM Query:

Process execution events where code-signing validation shows downgrade patterns
