Path Handling Vulnerability in Apple Operating Systems
CVE-2025-43190

5.5MEDIUM

Key Information:

Vendor

Apple

Vendor
CVE Published:
15 September 2025

What is CVE-2025-43190?

A parsing issue related to directory path handling exists in various Apple operating systems, potentially allowing applications to access sensitive user data. This vulnerability has been addressed with improved path validation in the latest software updates for macOS, iOS, iPadOS, watchOS, and visionOS. Users are encouraged to update their devices to the latest versions to mitigate any risks associated with this issue.

Affected Version(s)

iOS and iPadOS < 26

macOS < 14.8

macOS < 26

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.