Symlink Vulnerability in macOS Products by Apple
CVE-2025-43446

5.5MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-43446?

A symlink vulnerability exists in macOS, enabling applications to potentially modify protected areas of the file system. This security issue could allow unauthorized changes to critical system files, undermining system integrity. The problem has been resolved with improved symlink validation in the latest updates for macOS Sonoma and Sequoia. Users are advised to update their systems to ensure enhanced protection.

Affected Version(s)

macOS < 14.8

macOS < 15.7

References

https://support.apple.com/en-us/125636

https://support.apple.com/en-us/125635

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON