CVE-2025-43520

HIGH

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

CVSS v3.1 Score

7.1
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH
Published: 12/12/2025Modified: 4/2/2026

Related Intelligence (1)

HIGHVulnerability

CISA KEV: Apple Multiple Products — Apple Multiple Products Classic Buffer Overflow Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.

CVE-2025-43520Apple Multiple Products
CISA KEV

References (10)

https://support.apple.com/en-us/125632Release NotesVendor Advisoryhttps://support.apple.com/en-us/125633Release NotesVendor Advisoryhttps://support.apple.com/en-us/125634Release NotesVendor Advisoryhttps://support.apple.com/en-us/125635Release NotesVendor Advisoryhttps://support.apple.com/en-us/125636Release NotesVendor Advisoryhttps://support.apple.com/en-us/125637Release NotesVendor Advisoryhttps://support.apple.com/en-us/125638Release NotesVendor Advisoryhttps://support.apple.com/en-us/125639Release NotesVendor Advisoryhttps://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/Technical Descriptionhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43520US Government Resource