Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
Published: 2025-09-15
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox Escape
Action: Patch
AI Analysis

Impact

A permissions defect in macOS allows a sandboxed application to abuse authorization controls, potentially enabling the application to run code outside its containment and access protected system resources. The flaw is classed as a missing authorization weakness (CWE-862), which can lead to compromise of confidentiality, integrity, or availability on the device by an attacker who gains a foothold through a malicious or vulnerable app.

Affected Systems

Apple macOS environments prior to the following releases are affected: macOS Sequoia earlier than version 15.7, macOS Sonoma earlier than version 14.8, and macOS Tahoe earlier than version 26. The vulnerability was remedied in the listed releases, so systems running those or later versions are not impacted.

Risk and Exploitability

With a CVSS score of 7.8, the flaw is rated High severity, while the EPSS score of less than 1% indicates a very low estimated likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known in-the-wild exploitation yet. The attack scenario likely requires the attacker to have a sandboxed application already running, or to trick the user into installing a malicious app that leverages the permissions weakness to escape the sandbox. No publicly available exploits have been documented at this time.

Generated by OpenCVE AI on April 28, 2026 at 10:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to version 15.7 or later on Sequoia, 14.8 or later on Sonoma, or 26 or later on Tahoe
  • Apply the security updates referenced in Apple support articles 125110, 125111, and 125112
  • Limit the installation and use of third‑party sandboxed applications, especially those with elevated privileges or that request broad system access


Advisories
Source: EUVD
ID: EUVD-2025-29318
Title: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
History

Tue, 28 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Title Permissions-based Sandbox Escape Vulnerability in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
  Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.
  Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description
  Removed: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
  Added: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to break out of its sandbox.

Mon, 03 Nov 2025 19:30:00 +0000


Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe

Tue, 16 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:30.633Z

Reserved: 2025-04-16T15:24:37.102Z

Link: CVE-2025-43286

Vulnrichment

Updated: 2025-11-03T18:10:04.887Z

NVD

Status: Modified

Published: 2025-09-15T23:15:32.050

Modified: 2026-04-02T19:20:20.290

Link: CVE-2025-43286

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses