VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ksgy-zrvt-13hq

Essentials
Severities (33)
References (21)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ksgy-zrvt-13hq
Aliases	CVE-2025-43240
Summary	A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-703

Improper Check or Handling of Exceptional Conditions

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43240.json
epss	0.0001	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00013	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00016	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-43240
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.2	https://support.apple.com/en-us/124149
ssvc	Track	https://support.apple.com/en-us/124149
cvssv3.1	6.2	https://support.apple.com/en-us/124152
ssvc	Track	https://support.apple.com/en-us/124152

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43240.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-43240
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43240
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
124149		https://support.apple.com/en-us/124149
124152		https://support.apple.com/en-us/124152
2384385		https://bugzilla.redhat.com/show_bug.cgi?id=2384385
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
CVE-2025-43240		https://nvd.nist.gov/vuln/detail/CVE-2025-43240
RHSA-2025:13780		https://access.redhat.com/errata/RHSA-2025:13780
RHSA-2025:13782		https://access.redhat.com/errata/RHSA-2025:13782
RHSA-2025:14421		https://access.redhat.com/errata/RHSA-2025:14421
RHSA-2025:14422		https://access.redhat.com/errata/RHSA-2025:14422
RHSA-2025:14423		https://access.redhat.com/errata/RHSA-2025:14423
RHSA-2025:14432		https://access.redhat.com/errata/RHSA-2025:14432
RHSA-2025:14433		https://access.redhat.com/errata/RHSA-2025:14433
RHSA-2025:14434		https://access.redhat.com/errata/RHSA-2025:14434
RHSA-2025:14486		https://access.redhat.com/errata/RHSA-2025:14486
RHSA-2025:15729		https://access.redhat.com/errata/RHSA-2025:15729
USN-7702-1		https://usn.ubuntu.com/7702-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43240.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/124149

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:28:26Z/ Found at https://support.apple.com/en-us/124149

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/124152

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:28:26Z/ Found at https://support.apple.com/en-us/124152

Exploit Prediction Scoring System (EPSS)

Percentile	0.0078
EPSS Score	0.0001
Published At	Aug. 3, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T12:53:27.862217+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	37.0.0