Remote Code Execution Vulnerability in Compressor by Apple
CVE-2025-43515

8.8HIGH

Key Information:

Vendor: Apple
Status: Compressor
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-43515?

A vulnerability exists in Compressor that allows an unauthenticated user on the same network to potentially execute arbitrary code. The issue arises from the software's previous allowance of external connections, which has now been addressed in the recent update to version 4.11.1. To mitigate this risk, users are advised to upgrade to the latest version and ensure their network security practices are robust.

Affected Version(s)

Compressor < 4.11

References

https://support.apple.com/en-us/125693

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Apr 16, 2025

JSON