CVE-2025-43470 is a permissions vulnerability in Apple macOS that allows a standard user account to view files originating from a disk image owned by an administrator. The root cause is insufficient access control on disk images, which are virtual volumes that can contain files and folders. Normally, files created by an administrator on such disk images should be inaccessible to lower-privileged users unless explicitly shared. However, due to this flaw, standard users can bypass intended restrictions and read sensitive files, leading to a confidentiality breach. The vulnerability is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) and was addressed by Apple in macOS Tahoe 26.1 through additional permission restrictions. The CVSS v3.1 base score is 5.5 (medium severity), reflecting local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), and no impact on integrity or availability (I:N/A:N). Exploitation requires local access but no user interaction, making it a concern in environments where multiple users share the same system or where attackers have gained limited access. No public exploits have been reported yet, but the vulnerability could facilitate unauthorized data disclosure if left unpatched.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of sensitive information stored within administrator-owned disk images on macOS devices. In enterprises with shared workstations or multi-user environments, a standard user could access confidential files without elevated privileges, potentially leading to data leaks or exposure of intellectual property. This could undermine compliance with data protection regulations such as GDPR, especially if personal or sensitive data is involved. Although the vulnerability does not affect system integrity or availability, the confidentiality breach alone can have significant reputational and legal consequences. Organizations relying heavily on macOS systems for administrative tasks or storing sensitive data on disk images are particularly at risk. The absence of known exploits reduces immediate threat but does not eliminate the risk of future exploitation, especially by insider threats or attackers with initial foothold on affected systems.

The primary mitigation is to apply the security update provided by Apple in macOS Tahoe 26.1, which enforces stricter permission controls on disk images. Organizations should prioritize patch management to ensure all macOS devices are updated promptly. Additionally, administrators should audit existing disk images for inappropriate permission settings and restrict access to sensitive disk images only to authorized users. Implementing strict user account controls and limiting local user privileges can reduce the risk of exploitation. Employ endpoint security solutions capable of monitoring unusual file access patterns on macOS devices. For environments with shared devices, consider segregating user roles and using encrypted disk images with strong access controls. Regularly review and update security policies regarding the use and sharing of disk images to prevent inadvertent exposure.