CVE-2025-43220_CVE-2025-43220

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.

Basic Information

ID CVE-2025-43220

Source apple

Published Jul 29, 2025 at 23:29

Modified Jul 31, 2025 at 17:56

Affected Product

Vendor Apple

Product iPadOS

Version unspecified

Affected Versions Apple iPadOS unspecified
Apple macOS unspecified
Apple macOS unspecified
Apple macOS unspecified

CWE Classification

CWE-59

References

{
    "lastseen": "",
    "description": "This issue was addressed with improved validation of symlinks. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.",
    "published": "2025-07-29T23:29:28.537Z",
    "modified": "2025-07-31T17:56:39.669Z",
    "type": "cve",
    "title": "CVE-2025-43220",
    "source": "apple",
    "references": "https://support.apple.com/en-us/124148\nhttps://support.apple.com/en-us/124149\nhttps://support.apple.com/en-us/124150\nhttps://support.apple.com/en-us/124151",
    "id": "CVE-2025-43220",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Apple iPadOS unspecified\nApple macOS unspecified\nApple macOS unspecified\nApple macOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iPadOS",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}