Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
Published: 2025-09-15
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

An out‑of‑bounds read occurs when an application accesses memory beyond its allowed bounds, allowing an attacker to trigger a crash. The flaw is mitigated in macOS Tahoe 26 through improved bounds checking, but on older systems it can cause unexpected system termination. The weakness is CWE‑125 and does not provide remote code execution; its primary impact is denial of service as the operating system or running services may become unavailable.

Affected Systems

Apple macOS releases older than macOS Tahoe 26 are affected. The vulnerability is resolved in macOS Tahoe 26 and later, so any macOS version before that remains vulnerable.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and the EPSS score of <1% suggests a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Since the flaw requires triggering an out‑of‑bounds read inside the operating system, it is most likely exploitable by a local or privileged application, meaning an attacker needs local execution or the ability to run a malicious app on the target machine. If such code runs, the resulting crash could deny service to legitimate users.

Generated by OpenCVE AI on April 28, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the machine to macOS Tahoe 26 or later to receive the bounds‑checking fix.
  • Reboot the system after the upgrade to ensure the new kernel routines are active.
  • If an immediate upgrade is not possible, identify applications capable of triggering the out‑of‑bounds read and quarantine or uninstall them to prevent crashes.
  • Continuously monitor for system crashes and apply future macOS updates as they become available.


Advisories
Source: EUVD
ID: EUVD-2025-29287
Title: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.

History

Tue, 28 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read Causing System Termination in Apple macOS

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Tue, 16 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}


Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:54.600Z

Reserved: 2025-04-16T15:24:37.101Z

Link: CVE-2025-43283

Vulnrichment

Updated: 2025-11-03T18:09:57.936Z

NVD

Status: Modified

Published: 2025-09-15T23:15:31.843

Modified: 2025-11-03T19:15:56.190

Link: CVE-2025-43283

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses