Symlink Vulnerability in Apple macOS Sequoia Products
CVE-2025-43252

6.5MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-43252?

A security flaw exists in macOS Sequoia that allows a website to access sensitive user data by resolving symbolic links without proper user consent. To mitigate this security risk, an additional user consent prompt has been introduced, enhancing the protection of user information. The vulnerability has been addressed in version 15.6 of the operating system, ensuring users have better safeguards against unauthorized data access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

macOS < 15.6

References

https://support.apple.com/en-us/124149

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 30, 2025

JSON

Apple