CVE-2025-43187: 
macOS vulnerability analysis and mitigation

CVE-2025-43187 is a security vulnerability discovered in macOS operating systems (Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7) that allows arbitrary code execution through the hdiutil command. The vulnerability was first reported on February 4, 2025, and was addressed by Apple in updates released on July 29, 2025. The vulnerability was discovered by researchers 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc) (Apple Support).

The vulnerability exists in the Disk Images component of macOS where running an hdiutil command may unexpectedly execute arbitrary code. The issue was addressed by Apple by removing the vulnerable code. The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow an attacker to execute arbitrary code in the context of the logged-on user. For users with administrative privileges, this could enable an attacker to install programs, view or modify data, or create new accounts with full user rights. The impact is considered HIGH for large and medium government and business entities, MEDIUM for small government and business entities, and LOW for home users (CIS Advisory).

Apple has addressed this vulnerability by removing the vulnerable code in the following macOS versions: macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. Users are advised to immediately update their systems to these versions after appropriate testing (Apple Support).