Logic Vulnerability in macOS Products by Apple
CVE-2025-43518

3.3LOW

Key Information:

Vendor

Apple
Status
Mac OS
iOS And iPad OS
Watch OS
Vendor
CVE Published:
12 December 2025

What is CVE-2025-43518?

A logic issue in certain versions of macOS, specifically macOS Sonoma 14.8.3 and macOS Sequoia 15.7.3, could allow applications to gain inappropriate access to files through the spellcheck API. This vulnerability has been addressed with improved validation checks to ensure that unauthorized file access is prevented. Users are encouraged to update their systems to mitigate potential risks associated with this issue.

Affected Version(s)

iOS and iPadOS < 26.2

macOS < 14.8

macOS < 15.7

References

https://support.apple.com/en-us/125888
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125887

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-43518 : Logic Vulnerability in macOS Products by Apple