CVE-2025-43282

Oct. 15, 2025, 9:15 p.m.

5.5
Medium

Description

A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.

Product(s) Impacted

Vendor Product Versions
Apple
  • Macos
  • Ios
  • Ipad Os
  • Watchos
  • Tv Os
  • Visionos
  • Macos Ventura
  • Macos Sonoma
  • 15.6
  • 18.6
  • 18.6, 17.7.9
  • 11.6
  • 18.6
  • 2.6
  • 13.7.7
  • 14.7.7

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o apple macos 15.6 / / / / / / /
o apple ios 18.6 / / / / / / /
o apple ipad_os 18.6 / / / / / / /
o apple watchos 11.6 / / / / / / /
o apple tv_os 18.6 / / / / / / /
o apple visionos 2.6 / / / / / / /
o apple macos_ventura 13.7.7 / / / / / / /
o apple macos_sonoma 14.7.7 / / / / / / /
o apple ipad_os 17.7.9 / / / / / / /

References

https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124148
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124150
https://support.apple.com/en-us/124151
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155

Tags

product-security@apple.com
CWE-415
2025-10-15
CVE-2025-43282

CVSS Score

5.5 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Oct. 15, 2025, 8:15 p.m.
Last Modified: Oct. 15, 2025, 9:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.