Access Issue in Apple Products due to Insufficient Sandbox Restrictions
CVE-2025-43413

7.5 HIGH

Key Information:

Vendor: Apple

CVE Published: 4 November 2025

What is CVE-2025-43413?

An access control vulnerability was identified in Apple's operating systems that could allow a sandboxed app to observe system-wide network connections. The issue stems from insufficient sandbox restrictions; the sandbox is meant to isolate apps from system resources. Apple has addressed the issue in the following versions: visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, watchOS 26.1, iOS 26.1, iPadOS 26.1, and tvOS 26.1. Users are encouraged to update to these versions.

Affected Version(s)

iOS and iPadOS < 26.1

macOS < 14.8

macOS < 15.7


CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
