anonhaven
Ad

CVE-2025-43238

MEDIUM CVSS 3.1: 6.2 EPSS 0.01%
Updated Apr 03, 2026
Apple
Parameter Value
CVSS 6.2 (MEDIUM)
Affected Versions 13.0 — 15.6
Fixed In 13.7.7
Type CWE-190 (Integer Overflow)
Vendor Apple
Public PoC No

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-190 Integer Overflow

Vulnerable Products 3

Configuration From (including) Up to (excluding)
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 13.0 13.7.7
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 14.0 14.7.7
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 15.0 15.6

References 3

https://support.apple.com/en-us/124149
NVD
https://support.apple.com/en-us/124150
NVD
https://support.apple.com/en-us/124151
NVD
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-43264

Apple

8.8

CVE-2025-43257

Apple

8.7

CVE-2025-43236

Apple

3.3

CVE-2025-43219

Apple

8.8

CVE-2025-43210

Apple

6.3