Downgrade Issue in Intel-Based Mac Computers Affects User Data Security
CVE-2025-43390

5.5MEDIUM

Key Information:

Vendor

Apple
Status
Mac OS
Vendor
CVE Published:
4 November 2025

What is CVE-2025-43390?

A security issue impacting Intel-based Mac computers has been identified, where a downgrade vulnerability could permit unauthorized access to sensitive user data. To mitigate this risk, Apple has implemented enhanced code-signing restrictions to secure the system environment. Users are encouraged to update to macOS Sequoia version 15.7.2 or later to ensure their devices are protected against potential exploitation.

Affected Version(s)

macOS < 15.7

References

https://support.apple.com/en-us/125635

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.