CVE-2025-43506

HIGH

macOS < 26.1 - iCloud Private Relay Activation Bypass via Multi-User Session

Title source: llm

Description

A logic error was addressed with improved error handling. This issue is fixed in macOS Tahoe 26.1. iCloud Private Relay may not activate when more than one user is logged in at the same time.

References (1)

Core 1

Core References

Release Notes, Vendor Advisory

https://support.apple.com/en-us/125634

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 32.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-843

Status published

Products (2)

apple/macos < 26.1

Apple/macOS < 26.1

Published Dec 12, 2025

Tracked Since Feb 18, 2026