Description
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.
Published: 2025-12-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Deletion of protected user data
Action: Patch
AI Analysis

Impact

A flaw in the way macOS processes symbolic links can allow a malicious application to remove data that should be protected. The vulnerability is a classic example of CWE‑59, which involves unsafe relative path resolution. An attacker who can run or trick a user into installing a malicious app can use the improper symlink handling to target files that the system otherwise considers secure, resulting in data loss.

Affected Systems

Apple macOS is affected by this issue. The vulnerability exists in all releases prior to macOS Tahoe 26.1, which contains the fix. No specific sub‑versions are listed, so any macOS build before 26.1 is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate impact. The EPSS score is below 1 %, suggesting a low likelihood of widespread exploitation. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be local: a malicious application or user script that runs with the user’s privileges must gain access to the operating system to abuse the symlink handling. No network‑based exploitation is described in the provided data.

Generated by OpenCVE AI on April 28, 2026 at 10:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Tahoe 26.1 or later
  • Limit installation of applications to trusted sources such as the Mac App Store and disable the installation of unsigned applications
  • Configure automated backups to recover deleted data if accidental removal occurs

Generated by OpenCVE AI on April 28, 2026 at 10:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/125634 cve-icon cve-icon
History

Tue, 28 Apr 2026 10:45:00 +0000

Type Values Removed Values Added
Title Improper Symlink Handling Enables Deletion of Protected User Data

Mon, 15 Dec 2025 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Dec 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-59
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Tahoe
Vendors & Products Apple
Apple macos
Apple macos Tahoe

Fri, 12 Dec 2025 21:15:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to delete protected user data.
References

Subscriptions

Apple Macos Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:13.797Z

Reserved: 2025-04-16T15:24:37.116Z

Link: CVE-2025-43381

cve-icon Vulnrichment

Updated: 2025-12-15T13:40:30.357Z

cve-icon NVD

Status : Analyzed

Published: 2025-12-12T21:15:53.517

Modified: 2025-12-15T22:01:18.707

Link: CVE-2025-43381

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:30:29Z

Weaknesses