CVE-2025-43433
Essential information
- Published
- 04/11/2025 02:15
- Modified
- 17/12/2025 21:16
- Author
- —
- Creator
- —
- CVSS
- 8.8 HIGH (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality impact
- HIGH
- Integrity impact
- HIGH
- Availability impact
- HIGH
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
NVD status
- Status
- Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| apple / safari | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple / ipados | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple / iphone os | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple / tvos | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| apple / visionos | cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
| apple / watchos | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |