Description
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to modify protected parts of the file system.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Modification of Protected File System
Action: Apply Patch
AI Analysis

Impact

This vulnerability involves insufficient validation of symbolic links, allowing an application to alter protected portions of the macOS file system. The flaw can be exploited by manipulating symlink handling to overwrite or delete critical system files, potentially leading to configuration corruption, data loss, or a broader OS compromise. The weakness is classified as CWE-59, improper link resolution before file access ("link following").

Affected Systems

The issue affects all macOS releases prior to macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1. Apple has issued patches in those newer releases, but earlier versions remain vulnerable.

Risk and Exploitability

The CVSS score is 5.5 (Medium). The EPSS score is less than 1%, suggesting a very low probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. The CVSS vector (AV:L/AC:L/PR:L/UI:N) describes a local attack with low complexity, low privileges and no user interaction: the attacker must already be executing code with the privileges of the compromised application to construct or resolve the malicious symlink. The scored impact is to integrity only (C:N/I:H/A:N).

Generated by OpenCVE AI on April 22, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, or macOS Tahoe 26.1 to receive the symlink validation fix.
  • If a timely update is not feasible, configure the system to restrict symbolic link manipulation in applications that run with elevated privileges, limiting their ability to target protected directories.
  • Audit and monitor applications that create or resolve symbolic links, and enforce policies that block links pointing to system file locations.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Title Symlink Validation Issue Enabling Modification of Protected File System

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to modify protected parts of the file system.
Values Added: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to modify protected parts of the file system.

Wed, 17 Dec 2025 21:00:00 +0000

Type: Description
Values Removed: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to modify protected parts of the file system.
Values Added: This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.7.2, macOS Tahoe 26.1, macOS Sonoma 14.8.2. An app may be able to modify protected parts of the file system.
References

Tue, 04 Nov 2025 18:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma

Tue, 04 Nov 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-59
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to modify protected parts of the file system.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:59.996Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43446

Vulnrichment

Updated: 2025-11-04T12:59:59.883Z

NVD

Status: Modified

Published: 2025-11-04T02:15:50.353

Modified: 2026-04-02T19:20:48.333

Link: CVE-2025-43446

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T21:30:27Z

Weaknesses