CVE-2025-43413

7.5 HIGH

📋 TL;DR

This vulnerability allows sandboxed applications on Apple operating systems to observe system-wide network connections, potentially exposing sensitive network traffic information. It affects multiple Apple platforms including iOS, macOS, tvOS, watchOS, and visionOS. The issue has been addressed in recent updates.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
  • visionOS
Versions: Versions prior to tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple watchOS, Apple visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default configurations of the listed Apple operating systems before the patched versions.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

A malicious sandboxed app could monitor all network connections on the device, potentially capturing sensitive data, credentials, or communication patterns that could be used for further attacks.

🟠

Likely Case

An app could gather information about network services, connections, and potentially infer user behavior or device usage patterns through network observation.

🟢

If Mitigated

With proper sandbox restrictions, apps would be limited to observing only their own network connections, preventing system-wide monitoring.

🌐 Internet-Facing: LOW - This is primarily a local device vulnerability requiring app installation.
🏢 Internal Only: MEDIUM - Malicious apps could monitor internal network communications on affected devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious sandboxed app to be installed on the target device. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1

Vendor Advisory: https://support.apple.com/en-us/125632

Restart Required: Yes

Instructions:

1. Open the Settings app.
2. Navigate to General > Software Update.
3. Download and install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

Applies to: all

Only install apps from trusted sources and the official App Store to reduce risk of malicious sandboxed apps.

Network Segmentation

Applies to: all

Segment sensitive network traffic to limit exposure if a device is compromised.

🧯 If You Can't Patch

  • Monitor sandboxed applications for unusual network-observation behavior
  • Implement application allowlisting to control which apps can run on devices

🔍 How to Verify

Check if Vulnerable:

Check the device's operating system version against the affected versions listed in the Affected Systems section.

Check Version:

On Apple devices: Settings > General > About > Software Version

Verify Fix Applied:

Verify the device is running one of the patched versions: tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1, iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or visionOS 26.1.
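The version check above can be automated for fleet inventories. The following is an added example (not part of the advisory or Apple's tooling) that maps each product's release line to the patched version from this advisory and classifies a reported version as patched, vulnerable, or unknown (a release line the advisory does not mention). Only the macOS self-check uses a real API, `platform.mac_ver()`; the product names and version strings are the ones listed on this page.

```python
import platform

# Patched versions from the advisory, keyed by product and then by the
# major release line. Release lines not listed here have no fix in this advisory.
PATCHED_VERSIONS = {
    "macOS": {
        26: (26, 1),     # macOS Tahoe 26.1
        15: (15, 7, 2),  # macOS Sequoia 15.7.2
        14: (14, 8, 2),  # macOS Sonoma 14.8.2
    },
    "iOS": {26: (26, 1)},
    "iPadOS": {26: (26, 1)},
    "tvOS": {26: (26, 1)},
    "watchOS": {26: (26, 1)},
    "visionOS": {26: (26, 1)},
}


def parse_version(text):
    """Turn '15.7.2' into (15, 7, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in text.strip().split("."))


def fix_status(product, version_text):
    """Classify a reported version as 'patched', 'vulnerable' or 'unknown'.

    Python tuple comparison treats a shorter prefix as smaller, so (26, 0, 1)
    sorts before (26, 1) and (15, 7) before (15, 7, 2), which is the ordering
    we want for release numbers.
    """
    lines = PATCHED_VERSIONS.get(product)
    if lines is None:
        return "unknown"  # product not covered by this advisory
    version = parse_version(version_text)
    fixed = lines.get(version[0])
    if fixed is None:
        return "unknown"  # release line not covered by this advisory
    return "patched" if version >= fixed else "vulnerable"


def check_local_macos():
    """Report the status of the machine this runs on; 'unknown' off macOS."""
    local_version = platform.mac_ver()[0]  # empty string on non-Mac hosts
    if not local_version:
        return "unknown"
    return fix_status("macOS", local_version)


if __name__ == "__main__":
    # Constructed sample inventory rows, not real device data.
    inventory = [
        ("macOS", "15.7.1"),
        ("macOS", "26.1"),
        ("iOS", "26.0.1"),
        ("macOS", "13.7"),
    ]
    for product, version in inventory:
        print(f"{product} {version}: {fix_status(product, version)}")
    print(f"this host: {check_local_macos()}")
```

Treat "unknown" as a follow-up item rather than a pass: it covers both products outside this advisory and release lines (for example macOS 13 or iOS 18) for which the advisory lists no fixed version.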

📡 Detection & Monitoring

Log Indicators:

  • Unusual network monitoring activity from sandboxed applications
  • Apps requesting network monitoring permissions beyond their stated purpose

Network Indicators:

  • Suspicious outbound connections from sandboxed apps to unknown destinations
  • Unusual network traffic patterns from individual apps

SIEM Query:

process_name:"sandboxed_app" AND network_connection_count > threshold AND destination_ip NOT IN allowed_networks
