Home / Vulnerability Intelligence / CVE-2025-43257

CVE-2025-43257 - Vulnerability Analysis

HighCVSS: 8.7

Last Updated: April 3, 2026

Apple macOS Sequoia - Sandbox Escape

Published: April 2, 2026Updated: April 3, 2026

Overview

Apple macOS Sequoia 15.6 contains a sandbox escape caused by improper handling of symlinks, letting apps break out of their sandbox, exploit requires app execution within sandbox.

Severity & Score

Severity: High

CVSS Score: 8.7

EPSS Score: 1.0%(Probability of exploitation in next 30 days)

Impact

An app can break out of its sandbox, potentially leading to privilege escalation or unauthorized access.

Mitigation

Update to macOS Sequoia 15.6 or later.

References

https://support.apple.com/en-us/124149

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 3, 2026

🟠 CVE-2025-43257 - High (8.7) This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-43257/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-43257
Severity: High
CVSS Score: 8.7
Type: broken_access_control
Status: confirmed
EPSS: 1.0%
Social Posts: 1

CWE

CWE-59

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

EPSS Score

1.0%Probability of exploitation in the next 30 days