Symlink Vulnerability in Apple macOS Sequoia Products
CVE-2025-43252

Currently unrated

Key Information:

Vendor: Apple
Status: macOS Sequoia
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-43252?

A security flaw exists in macOS Sequoia that allows a website to access sensitive user data by resolving symbolic links without proper user consent. To mitigate this security risk, an additional user consent prompt has been introduced, enhancing the protection of user information. The vulnerability has been addressed in version 15.6 of the operating system, ensuring users have better safeguards against unauthorized data access.

References

https://support.apple.com/en-us/124149

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025