Description
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service.
Published: 2025-07-29
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A path handling issue in macOS, in which file paths are not properly validated, allows an application to trigger a denial of service. The flaw is a file‑path traversal vulnerability identified as CWE‑22 and can cause a system or application to crash or become unresponsive.

Affected Systems

The vulnerability affects Apple macOS across its product lines. Versions prior to macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7 are susceptible. All earlier releases of these operating systems are impacted until the fixes available in the listed updates are applied.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity, while an EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not present in the CISA KEV catalog. Attackers would need to run a malicious application on the affected system to attempt the path traversal and induce a denial of service; no remote exploitation path is described in the data.

Generated by OpenCVE AI on April 28, 2026 at 00:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.6 or later.
  • Upgrade macOS to Sonoma 14.7.7 or later.
  • Upgrade macOS to Ventura 13.7.7 or later.



Advisories
Source: EUVD
ID: EUVD-2025-23064
Title: A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service.
History

Mon, 03 Nov 2025 20:30:00 +0000


Thu, 31 Jul 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 30 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura

Wed, 30 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Description A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause a denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:42.489Z

Reserved: 2025-04-16T15:24:37.087Z

Link: CVE-2025-43191

Vulnrichment

Updated: 2025-07-30T14:09:47.208Z

NVD

Status: Modified

Published: 2025-07-30T00:15:31.947

Modified: 2025-11-03T20:18:50.290

Link: CVE-2025-43191

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T00:30:15Z

Weaknesses