CVE-2025-43529

Dec. 18, 2025, 2:59 p.m.

8.8
High

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

Product(s) Impacted

Vendor Product Versions
Apple
  • Safari
  • Ipados
  • Iphone Os
  • Macos
  • Tvos
  • Visionos
  • Watchos
  • *
  • *
  • *
  • *
  • *
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-416
Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a apple safari / / / / / / / /
o apple ipados / / / / / / / /
o apple ipados / / / / / / / /
o apple iphone_os / / / / / / / /
o apple iphone_os / / / / / / / /
o apple macos / / / / / / / /
o apple tvos / / / / / / / /
o apple visionos / / / / / / / /
o apple watchos / / / / / / / /

References

https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125889
https://support.apple.com/en-us/125890
https://support.apple.com/en-us/125891
https://support.apple.com/en-us/125892
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529

Tags

product-security@apple.com
2025-12-17
CVE-2025-43529

CVSS Score

8.8 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 17, 2025, 9:16 p.m.
Last Modified: Dec. 18, 2025, 2:59 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

product-security@apple.com

Relations

Here is the list of observables linked to the vulnerability CVE-2025-43529 using threat intelligence.

  • Multiple Products
  • Multiple Products

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.