CVE-2025-43234

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/124147	Release Notes Vendor Advisory
https://support.apple.com/en-us/124149	Release Notes Vendor Advisory
https://support.apple.com/en-us/124153	Release Notes Vendor Advisory
https://support.apple.com/en-us/124154	Release Notes Vendor Advisory
https://support.apple.com/en-us/124155	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/35
http://seclists.org/fulldisclosure/2025/Jul/37

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

No history.

Information

Published : 2025-07-30 00:15

Updated : 2025-11-03 20:18

NVD link : CVE-2025-43234

Mitre link : CVE-2025-43234

CVE.ORG link : CVE-2025-43234

JSON object : View

Products Affected

apple

ipados
iphone_os
tvos
visionos
macos
watchos

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-43234", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-30T00:15:35.453", "references": [{"url": "https://support.apple.com/en-us/124147", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124149", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124153", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124154", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/124155", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/30", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/35", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/37", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected app termination."}, {"lang": "es", "value": "Se solucionaron varios problemas de corrupci\u00f3n de memoria mejorando la validaci\u00f3n de entrada. Este problema est\u00e1 corregido en watchOS 11.6, iOS 18.6 y iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6 y visionOS 2.6. El procesamiento de una textura manipulada con fines malintencionados puede provocar el cierre inesperado de la aplicaci\u00f3n."}], "lastModified": "2025-11-03T20:18:55.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ED4015E-C707-4A91-86B3-23100E0DFA8F", "versionEndExcluding": "18.6"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD9D42A7-DE2A-4D5A-8C7B-002A60148483", "versionEndExcluding": "18.6"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077E4BB7-4A8B-4D18-BCD7-2938A2B8B9C8", "versionEndExcluding": "15.6"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBC1698A-3E9C-4055-B23A-13A3C22BD6EE", "versionEndExcluding": "18.6"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADBC0BD-ECAC-4E0A-B490-24649AFE5355", "versionEndExcluding": "2.6"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35D9C2D7-6120-4631-8D0B-259641DFD85B", "versionEndExcluding": "11.6"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}