Description
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.
Published: 2025-07-29
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑Bounds Read
Action: Apply Update
AI Analysis

Impact

Maliciously crafted files can trigger an out‑of‑bounds read due to missing bounds checking, leading to process termination. The flaw corresponds to CWE‑125 and results in a denial‑of‑service condition for the affected application or system service.

Affected Systems

The vulnerability affects Apple macOS across all recent products, with the fix implemented in macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Versions of macOS before these releases remain vulnerable.

Risk and Exploitability

This flaw has a CVSS score of 7.1 and an EPSS score of less than 1 %, indicating it is not highly likely to be exploited. It is not listed in the CISA KEV catalog. Exploitation requires a malicious file to be processed by a target system, so the attack vector is via local or remote file delivery. The impact is a denial of service through unexpected application or service termination.

Generated by OpenCVE AI on April 28, 2026 at 00:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7 or later as released by Apple
  • Avoid opening or executing untrusted files from unknown sources until the update is applied
  • Use macOS quarantine or application sandbox settings to limit the execution of external content

Generated by OpenCVE AI on April 28, 2026 at 00:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-23104 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.
History

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Title Out‑Of‑Bounds Read Leading to Application Termination in macOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 01 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 31 Jul 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 31 Jul 2025 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H'}

Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. Processing a maliciously crafted file may lead to unexpected app termination.
References

Subscriptions

Apple Macos Macos Sequoia Macos Sonoma Macos Ventura
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:28.192Z

Reserved: 2025-04-16T15:24:37.091Z

Link: CVE-2025-43239

cve-icon Vulnrichment

Updated: 2025-07-30T13:31:19.301Z

cve-icon NVD

Status : Modified

Published: 2025-07-30T00:15:35.783

Modified: 2025-11-03T20:18:55.740

Link: CVE-2025-43239

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:00:10Z

Weaknesses