CVE-2025-43300

Aug. 22, 2025, 1 a.m.

8.8
High

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Product(s) Impacted

Vendor Product Versions
Apple
  • Macos Sonoma
  • Macos Ventura
  • Ipad Os
  • Macos Sequoia
  • Ios
  • 14.7.8
  • 13.7.8
  • 17.7.10, 18.6.2
  • 15.6.1
  • 18.6.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a apple macos_sonoma 14.7.8 / / / / / / /
a apple macos_ventura 13.7.8 / / / / / / /
a apple ipad_os 17.7.10 / / / / / / /
a apple macos_sequoia 15.6.1 / / / / / / /
a apple ios 18.6.2 / / / / / / /
a apple ipad_os 18.6.2 / / / / / / /

References

https://support.apple.com/en-us/124925
https://support.apple.com/en-us/124926
https://support.apple.com/en-us/124927
https://support.apple.com/en-us/124928
https://support.apple.com/en-us/124929

Tags

CWE-787
product-security@apple.com
2025-08-21
CVE-2025-43300

CVSS Score

8.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Aug. 21, 2025, 1:15 a.m.
Last Modified: Aug. 22, 2025, 1 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

Linked Attack Reports

August Vulnerabilities of Note

In August 2025, eighteen high-impact vulnerabilities were identified for prioritized remediation, down from 22 in July. The month saw a focus on Citrix and D-Link flaws, with active exploitation of Citrix NetScaler products and D-Link routers. OS Command Injection was the most common weakness. One …
vulnerability
command injection
exploitation
remote code execution
snipbot
rustyclaw
patch management
deserialization
CVE-2025-8088
CVE-2025-25256
CVE-2025-8875
CVE-2025-8876
CVE-2025-20265
CVE-2025-7775
2025-09-15
mythic c2 agent
Published: September 15, 2025
Linked vulnerabilities : CVE-2024-8068, CVE-2024-8069 (CVSS 8.8), CVE-2025-54948 (CVSS 9.4), CVE-2025-8088, CVE-2024-26009 (CVSS 8.1), CVE-2025-25256 (CVSS 9.8), CVE-2025-8875 (CVSS 9.4), CVE-2025-8876 (CVSS 9.4), CVE-2025-20265 (CVSS 10.0), CVE-2025-43300 (CVSS 8.8), CVE-2025-7775 (CVSS 9.2), CVE-2025-7776 (CVSS 8.8), CVE-2025-8424 (CVSS 8.7), CVE-2025-57819, CVE-2007-0671, CVE-2013-3893, CVE-2020-25079, CVE-2020-25078, CVE-2025-48384, CVE-2022-40799
Downloadable IOCs: 11

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.