
CVE-2025-43390: An app may be able to access user-sensitive data in Apple macOS

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-43390, cve, cve-2025-43390
Published: Tue Nov 04 2025 (11/04/2025, 01:17:54 UTC)
Source: CVE Database V5
Vendor/Project: Apple
Product: macOS

Description

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.

AI-Powered Analysis

Last updated: 11/04/2025, 02:49:28 UTC

Technical Analysis

CVE-2025-43390 is a security vulnerability identified in Intel-based Apple macOS systems, resolved in macOS Sequoia 15.7.2. The issue stems from a downgrade vulnerability that allowed applications to circumvent existing security controls by exploiting insufficient code-signing restrictions. Code signing is a critical security mechanism in macOS that ensures only trusted applications run with appropriate privileges. The downgrade flaw permitted malicious or unauthorized apps to access user-sensitive data, potentially including personal files, credentials, or other confidential information. Although the exact affected versions are unspecified, the vulnerability specifically targets Intel-based Macs, indicating that Apple Silicon devices are not impacted. The patch introduced enhanced code-signing enforcement to prevent such bypasses. No public exploits have been reported, suggesting limited or no active exploitation currently. However, the vulnerability's nature implies a significant risk to confidentiality if exploited. The absence of a CVSS score necessitates an independent severity assessment based on the potential impact and exploitability. Since exploitation does not require user interaction or authentication, and the scope includes all Intel-based macOS systems prior to the patch, the threat is substantial. This vulnerability highlights the importance of maintaining up-to-date systems and vigilant application control policies.

Potential Impact

For European organizations, the primary impact of CVE-2025-43390 lies in the potential unauthorized disclosure of sensitive user data on Intel-based macOS devices. This could lead to breaches of personal data, intellectual property theft, or exposure of confidential business information, undermining privacy and compliance with regulations such as GDPR. Organizations in sectors like finance, healthcare, and government, which often use macOS for secure workflows, may face increased risk. The vulnerability could facilitate insider threats or external attackers deploying malicious apps to gain unauthorized access. Although no known exploits exist yet, the ease of exploitation due to lack of required authentication or user interaction increases risk. Disruption to business operations could occur if sensitive data is compromised, leading to reputational damage and potential regulatory penalties. The impact is amplified in environments where patch management is slow or where legacy Intel-based Macs remain in use. Overall, the vulnerability poses a high confidentiality risk with moderate operational impact.

Mitigation Recommendations

To mitigate CVE-2025-43390, European organizations should immediately prioritize updating all Intel-based macOS systems to version Sequoia 15.7.2 or later, which contains the necessary code-signing restrictions fix. Implement strict application whitelisting and monitor for unauthorized or unsigned applications attempting to run. Review and tighten code-signing policies to ensure only trusted developers' apps are permitted. Conduct audits of installed software to identify potentially vulnerable or malicious applications. Employ endpoint detection and response (EDR) solutions capable of detecting anomalous access to sensitive data or unusual app behavior. Educate users about the risks of installing untrusted software, even if no user interaction is required for exploitation, as social engineering could still be a vector. Maintain robust backup and incident response plans to quickly recover from any data compromise. Finally, monitor Apple security advisories for any updates or emerging exploit reports related to this vulnerability.
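The update check recommended above can be scripted for fleet triage. The sketch below is an added example, not code from Apple or from this database: it classifies a host by architecture and macOS version against the 15.7.2 fix named in the description. The function names, the result labels and the inventory rows are assumptions made for the illustration.

```shell
#!/bin/sh
FIXED_SEQUOIA="15.7.2"   # fix version stated in the advisory text

# version_lt A B: true when dotted version A < B; missing parts count as 0.
version_lt() {
    _a="$1"; _b="$2"
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x="${_a%%.*}"; _y="${_b%%.*}"
        case "$_a" in *.*) _a="${_a#*.}" ;; *) _a="" ;; esac
        case "$_b" in *.*) _b="${_b#*.}" ;; *) _b="" ;; esac
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
    done
    return 1
}

# classify_host ARCH VERSION: print a triage label (labels are this example's own).
classify_host() {
    case "$2" in ''|*[!0-9.]*) echo "unknown"; return 0 ;; esac
    case "$1" in
        arm64) echo "not-intel"; return 0 ;;      # advisory names Intel-based Macs only
        x86_64) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if [ "${2%%.*}" != "15" ]; then
        echo "check-apple-advisory"               # page names no fix outside Sequoia
    elif version_lt "$2" "$FIXED_SEQUOIA"; then
        echo "update-required"
    else
        echo "fixed"
    fi
}

# On a Mac, classify the local host. hw.optional.arm64 reads 1 on Apple
# Silicon even when this shell runs translated under Rosetta.
if [ "$(uname -s)" = "Darwin" ]; then
    if [ "$(sysctl -n hw.optional.arm64 2>/dev/null)" = "1" ]; then arch=arm64; else arch=x86_64; fi
    echo "local: $(classify_host "$arch" "$(sw_vers -productVersion)")"
fi

# Constructed inventory rows (hostname, architecture, macOS version).
while read -r host arch ver; do
    echo "$host: $(classify_host "$arch" "$ver")"
done <<'EOF'
mac-a x86_64 15.6.1
mac-b x86_64 15.7.2
mac-c x86_64 15.10
mac-d arm64 15.6.1
mac-e x86_64 14.8
EOF
```

Intel hosts outside the 15.x line are reported as check-apple-advisory rather than fixed, because this page names a fix only for macOS Sequoia.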


Technical Details

Data Version: 5.2
Assigner Short Name: apple
Date Reserved: 2025-04-16T15:24:37.117Z
CVSS Version: null
State: PUBLISHED

Threat ID: 69095ba878d4f574c2a8f281

Added to database: 11/4/2025, 1:49:28 AM

Last enriched: 11/4/2025, 2:49:28 AM

Last updated: 11/5/2025, 2:01:00 PM
