Sandbox Escape Vulnerability in Apple Operating Systems
CVE-2025-43407
7.8 HIGH
Key Information:
- Vendor: Apple
- CVE Published: 4 November 2025
What is CVE-2025-43407?
This vulnerability may allow an application to break out of its sandbox, undermining the security model that isolates user data and system resources. Apple addressed the issue with improved entitlements in its latest updates for visionOS, macOS, iOS, iPadOS, and tvOS. Users are encouraged to update to the latest versions.
Affected Version(s)
iOS and iPadOS < 26.1
macOS < 14.8
macOS < 26.1
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved