SecuriTricks - CVE-2025-43400

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

Product(s) Impacted

Vendor	Product	Versions
Apple	Ipados Iphone Os Macos Visionos	, 26.0 , 26.0 , 26.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	apple	ipados	/	/	/	/	/	/	/	/
o	apple	ipados	26.0	/	/	/	/	/	/	/
o	apple	iphone_os	/	/	/	/	/	/	/	/
o	apple	iphone_os	26.0	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	/	/	/	/	/	/	/	/
o	apple	macos	26.0	/	/	/	/	/	/	/
o	apple	visionos	/	/	/	/	/	/	/	/

References

https://support.apple.com/en-us/125326

https://support.apple.com/en-us/125327

https://support.apple.com/en-us/125328

https://support.apple.com/en-us/125329

https://support.apple.com/en-us/125330

https://support.apple.com/en-us/125338

CVSS Score

6.3 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

View Vector String

Timeline

Published: Sept. 29, 2025, 6:15 p.m.
Last Modified: Sept. 30, 2025, 5:12 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

product-security@apple.com

CVE-2025-43400