State Management Flaw in Apple macOS Sequoia Exposes Password Fields
CVE-2025-43542

7.5HIGH

Key Information:

Vendor

Apple
Status
iOS And iPad OS
Visionos
Mac OS
Vendor
CVE Published:
12 December 2025

What is CVE-2025-43542?

A state management flaw in macOS Sequoia allows password fields to be unintentionally revealed during remote control sessions over FaceTime. This can compromise the confidentiality of sensitive information when users are interacting with their devices remotely. Apple has addressed this issue in version 15.7.3 of macOS Sequoia, enhancing its security measures to prevent such lapses.

Affected Version(s)

iOS and iPadOS < 18.7

iOS and iPadOS < 26.2

macOS < 15.7

References

https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125891

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-43542 : State Management Flaw in Apple macOS Sequoia Exposes Password Fields