SecuriTricks - CVE-2025-43186

Description

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.7.7, visionOS 2.6, macOS Ventura 13.7.7. Parsing a file may lead to an unexpected app termination.

Product(s) Impacted

Vendor	Product	Versions
Apple	Ipados Iphone Os Macos Tvos Visionos Watchos	* * * * * *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	tvos	/	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/
o	apple	watchos	/	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/124147

https://support.apple.com/en-us/124149

https://support.apple.com/en-us/124150

https://support.apple.com/en-us/124151

https://support.apple.com/en-us/124153

https://support.apple.com/en-us/124154

https://support.apple.com/en-us/124155

CVSS Score

9.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: July 30, 2025, 12:15 a.m.
Last Modified: July 31, 2025, 8:58 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2025-43186