CVE-2025-43296

Published Oct 9, 2025

Last updated 5 months ago

CVSS medium 5.5

Overview

Description
A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
Source
product-security@apple.com
NVD status
Analyzed
Products
macos

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-352

Social media

Hype score
Not currently trending

  1. Sal (@malwarezoo) from @jamf gave an excellent talk at #OBTS of how Apple tracks and revokes malicious apps. But Revoked doesn’t always mean Vanquished! Sal found a Gatekeeper/CDHash weakness that brings blocked apps back to life — no re-signing required. #CVE-2025-43296 htt

    @forensicdave

    17 Oct 2025

    1741 Impressions

    8 Retweets

    20 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  2. to share my research on how Apple revokes ad-hoc signed malware. Just in time for my talk, CVE-2025-43296 fixes a user-assisted Gatekeeper bypass allowing revoked ad-hoc signed malware to execute. Be sure to check out "Revoked, Not Dead: When CDHash Revocation Fails to Kill." h

    @minacrissDev_

    13 Oct 2025

    789 Impressions

    1 Retweet

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  3. Excited to be presenting again at #OBTS to share my research on how Apple revokes ad-hoc signed malware. Just in time for my talk, CVE-2025-43296 fixes a user-assisted Gatekeeper bypass allowing revoked ad-hoc signed malware to execute. Be sure to check out "Revoked, Not Dead:

    @malwarezoo

    12 Oct 2025

    3893 Impressions

    3 Retweets

    21 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-43296 A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. https://t.co/Hq9AWiqu1d

    @CVEnew

    9 Oct 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  2. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.CVE-2026-20681
  3. The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.CVE-2026-20680
  4. A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.CVE-2026-20677
  5. This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.CVE-2026-20676

References

Sources include official advisories and independent security research.