AI description
CVE-2025-43296 is a logic vulnerability in Apple macOS that allows an application to bypass Gatekeeper security checks. Gatekeeper is a macOS security feature designed to prevent untrusted or malicious software from running. The vulnerability arises from insufficient validation within Gatekeeper, so a malicious or unverified application can run without triggering Gatekeeper's warnings or blocks, increasing the risk of unauthorized code execution. The issue is fixed in macOS Tahoe 26.
- Description: A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
- Source: product-security@apple.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity: MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-352
- Hype score: Not currently trending
Sal (@malwarezoo) from @jamf gave an excellent talk at #OBTS of how Apple tracks and revokes malicious apps. But Revoked doesn’t always mean Vanquished! Sal found a Gatekeeper/CDHash weakness that brings blocked apps back to life — no re-signing required. #CVE-2025-43296 htt
@forensicdave
17 Oct 2025
to share my research on how Apple revokes ad-hoc signed malware. Just in time for my talk, CVE-2025-43296 fixes a user-assisted Gatekeeper bypass allowing revoked ad-hoc signed malware to execute. Be sure to check out "Revoked, Not Dead: When CDHash Revocation Fails to Kill." h
@minacrissDev_
13 Oct 2025
Excited to be presenting again at #OBTS to share my research on how Apple revokes ad-hoc signed malware. Just in time for my talk, CVE-2025-43296 fixes a user-assisted Gatekeeper bypass allowing revoked ad-hoc signed malware to execute. Be sure to check out "Revoked, Not Dead:
@malwarezoo
12 Oct 2025
CVE-2025-43296 A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. https://t.co/Hq9AWiqu1d
@CVEnew
9 Oct 2025