PT-2025-51902 · Apple · Safari+1

Andreas Jaegersberger +1 · Published 2025-12-12 · Updated 2025-12-21 · CVE-2025-43526

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

macOS versions prior to Tahoe 26.2
Safari versions prior to 26.2

Description

A flaw exists in URL validation, which the update addresses with improved URL validation. Specifically, on a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

Recommendations

Update to macOS Tahoe 26.2.
Update to Safari 26.2.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2025-43526

Affected Products

Apple macOS
Safari