CVE-2025-43522

Description

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data.

CVSS Details

CVSS Score

3.3

Severity

LOW

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

macOS Sequoia < 15.7.3

macOS Tahoe < 26.2

所有基于Intel处理器的Apple Mac计算机

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-43522 PoC概念验证（代码签名降级检测）
# Note: This is for educational and research purposes only

import subprocess
import plistlib
import os

def check_code_signature_status(binary_path):
    """Check if a binary has valid code signature"""
    try:
        result = subprocess.run(
            ['codesign', '-vv', binary_path],
            capture_output=True,
            text=True,
            timeout=10
        )
        return result.stdout, result.returncode
    except Exception as e:
        return str(e), -1

def check_system_version():
    """Check macOS version to determine vulnerability status"""
    try:
        result = subprocess.run(
            ['sw_vers', '-productVersion'],
            capture_output=True,
            text=True,
            timeout=5
        )
        version = result.stdout.strip()
        
        # Check if system is vulnerable (versions before 15.7.3 for Sequoia)
        if version.startswith('15.'):
            major, minor, patch = map(int, version.split('.')[:3])
            if patch < 7 or (patch == 7 and len(version.split('.')) > 3 and int(version.split('.')[3]) < 3):
                return version, True
        return version, False
    except:
        return 'Unknown', None

def main():
    print("=" * 60)
    print("CVE-2025-43522 Detection Tool")
    print("Code Signing Downgrade Vulnerability Checker")
    print("=" * 60)
    
    # Check system version
    version, is_vulnerable = check_system_version()
    print(f"\nSystem Version: {version}")
    
    if is_vulnerable:
        print("[!] System may be VULNERABLE to CVE-2025-43522")
        print("[!] Recommendation: Update to macOS Sequoia 15.7.3 or later")
    elif is_vulnerable is False:
        print("[+] System appears to be PATCHED")
    else:
        print("[?] Unable to determine vulnerability status")
    
    # Check critical system binaries
    critical_bins = [
        '/usr/libexec/cfprefsd',
        '/System/Library/CoreServices/SystemVersion.plist',
        '/usr/bin/codesign'
    ]
    
    print("\nChecking code signatures of critical binaries:")
    for binary in critical_bins:
        if os.path.exists(binary):
            stdout, retcode = check_code_signature_status(binary)
            status = "VALID" if retcode == 0 else "INVALID/EXPIRED"
            print(f"  {binary}: {status}")

if __name__ == "__main__":
    main()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-43522
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-43522
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-43522/
[4] VulDB https://vuldb.com/cve/CVE-2025-43522
[5] https://support.apple.com/en-us/125886
[6] https://support.apple.com/en-us/125887

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-43522", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:57.020", "lastModified": "2026-04-02T19:20:59.410", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "15.7.3", "matchCriteriaId": "E955E39D-E7C5-4951-BF50-08257F1BAC61"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125887", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}