CVE-2025-43516
LOWDescription
A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apple | macos |
| apple | macos |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-43516? +
How severe is CVE-2025-43516? +
What products are affected by CVE-2025-43516? +
How do I check if I'm vulnerable to CVE-2025-43516? +
Related Vulnerabilities
KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with …
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could …
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same …
Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from …
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially …