Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Published: 2025-09-15
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to Root
Action: Patch
AI Analysis

Impact

A permissions flaw allows a malicious or improperly designed application to acquire root privileges on affected Apple macOS installations. The vulnerability is rooted in a failure of the operating system to enforce adequate restrictions, as classified under CWE‑862. Attackers who can run or influence a local application may leverage this deficiency to elevate their privileges, potentially compromising system integrity and confidentiality.

Affected Systems

Apple’s macOS is impacted, including the Sonoma and Tahoe operating system families. Vulnerable releases are those prior to macOS Sonoma 14.8 and macOS Tahoe 26; updates to these releases contain a fix that imposes the necessary restrictions.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity potential. The EPSS score of less than 1 % suggests a very low probability of exploitation at the time of this analysis, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local, wherein an application running with user privileges can trigger the permissions flaw to gain root. No remote exploitation pathway is documented in the available description.

Generated by OpenCVE AI on April 28, 2026 at 18:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the operating system to macOS Sonoma 14.8 or macOS Tahoe 26 to apply the fix
  • Ensure that all installed applications are signed by trusted developers and are up-to-date; remove or update any unsigned or legacy applications that may exploit the flaw
  • Enable System Integrity Protection and Gatekeeper to block unsigned or unauthorized applications from running
  • Monitor system logs for unexpected privilege escalation attempts or anomalous behavior

Generated by OpenCVE AI on April 28, 2026 at 18:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29315 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
History

Tue, 28 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Title macOS Root Privilege Escalation via Permission Flaw

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to gain root privileges. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges. A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8. An app may be able to gain root privileges.

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sonoma
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Sonoma
Apple macos Tahoe

Tue, 16 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
References

Subscriptions

Apple Macos Macos Sonoma Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:11.369Z

Reserved: 2025-04-16T15:24:37.110Z

Link: CVE-2025-43341

cve-icon Vulnrichment

Updated: 2025-11-03T18:11:35.459Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:36.377

Modified: 2026-04-02T19:20:30.067

Link: CVE-2025-43341

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T18:45:15Z

Weaknesses