PatchSiren cyber security CVE debrief
CVE-2025-43278 Apple CVE debrief
CVE-2025-43278 is a medium-severity vulnerability (CVSS Score: 5.5) that was addressed with improved handling of symlinks. The issue is fixed in macOS Sequoia 15.4. According to the CVE description, an app may be able to access protected user data. The CVE was published on [cvePublishedAt] and modified on [cveModifiedAt].
- Vendor
- Apple
- Product
- macOS
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-12
Who should care
Users of macOS Sequoia 15.4 and administrators of affected systems should prioritize patching this vulnerability to prevent potential unauthorized access to protected user data.
Technical summary
The vulnerability (CVE-2025-43278) was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the patch: Update to macOS Sequoia 15.4 or later.
- See [ref-4](https://support.apple.com/en-us/122373) for more information.
Evidence notes
The vendor is likely Apple, as indicated by the evidence in the CVE record and the reference to the Apple support page [ref-4].
Official resources
-
CVE-2025-43278 CVE record
CVE.org
-
CVE-2025-43278 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-43278 was published on 2026-06-11T19:16:33.393Z and modified on 2026-06-12T22:16:47.710Z.