CVE-2025-43329 - Vulnerability Details

A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out of its sandbox.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apple	Ios Ipados Iphone Os Macos Tvos Watchos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Sep/49
http://seclists.org/fulldisclosure/2025/Sep/53
http://seclists.org/fulldisclosure/2025/Sep/57
https://support.apple.com/en-us/125108
https://support.apple.com/en-us/125114
https://support.apple.com/en-us/125116

History

Tue, 04 Nov 2025 02:30:00 +0000

Type	Values Removed	Values Added
References	https://support.apple.com/en-us/125110

Tue, 04 Nov 2025 01:45:00 +0000

Type	Values Removed	Values Added
Description	A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.	A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26, iOS 26 and iPadOS 26, watchOS 26. An app may be able to break out of its sandbox.

Mon, 03 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Sep/49 http://seclists.org/fulldisclosure/2025/Sep/53 http://seclists.org/fulldisclosure/2025/Sep/57

Wed, 17 Sep 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple iphone Os
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple iphone Os

Wed, 17 Sep 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios Apple ipados Apple macos Apple tvos Apple watchos
Vendors & Products		Apple Apple ios Apple ipados Apple macos Apple tvos Apple watchos

Tue, 16 Sep 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 16 Sep 2025 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Mon, 15 Sep 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.
References		https://support.apple.com/en-us/125108 https://support.apple.com/en-us/125110 https://support.apple.com/en-us/125114 https://support.apple.com/en-us/125116

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-09-15T22:35:38.847Z

Updated: 2025-11-04T01:17:37.163Z

Reserved: 2025-04-16T15:24:37.109Z

Link: CVE-2025-43329

Vulnrichment

Updated: 2025-11-03T18:11:24.566Z

NVD

Status : Modified

Published: 2025-09-15T23:15:35.620

Modified: 2025-11-04T02:15:39.757

Link: CVE-2025-43329

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object