CVE-2025-43184

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43184
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.4. A shortcut may be able to bypass sensitive Shortcuts app settings.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/122373 Release Notes Vendor Advisory
https://support.apple.com/en-us/124150 Release Notes Vendor Advisory
https://support.apple.com/en-us/124151 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jul/33
http://seclists.org/fulldisclosure/2025/Jul/34
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
History

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Jul/33 -
  • () http://seclists.org/fulldisclosure/2025/Jul/34 -

31 Jul 2025, 20:56

Type Values Removed Values Added
References () https://support.apple.com/en-us/122373 - () https://support.apple.com/en-us/122373 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/124150 - () https://support.apple.com/en-us/124150 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/124151 - () https://support.apple.com/en-us/124151 - Release Notes, Vendor Advisory
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
First Time Apple
Apple macos

31 Jul 2025, 18:15

Type Values Removed Values Added
Summary
  • (es) Este problema se solucionó añadiendo una solicitud adicional de consentimiento del usuario. Este problema está corregido en macOS Sonoma 14.7.7, macOS Ventura 13.7.7 y macOS Sequoia 15.4. Un acceso directo podría omitir la configuración sensible de la aplicación Accesos directos.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-284

30 Jul 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-30 00:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-43184

Mitre link : CVE-2025-43184

CVE.ORG link : CVE-2025-43184

JSON object : View

Products Affected

apple

  • macos
CWE
CWE-284

Improper Access Control