CVE-2025-43300

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.apple.com/en-us/125141	Release Notes Vendor Advisory
https://support.apple.com/en-us/125142	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Sep/10	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Sep/14	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Sep/52	Mailing List Third Party Advisory
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md	Exploit Third Party Advisory
https://github.com/cisagov/vulnrichment/issues/201	Issue Tracking
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43300	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

History

No history.

Information

Published : 2025-08-21 01:15

Updated : 2025-11-26 16:21

NVD link : CVE-2025-43300

Mitre link : CVE-2025-43300

CVE.ORG link : CVE-2025-43300

JSON object : View

Products Affected

apple

ipados
macos
iphone_os

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-43300", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2025-08-21T01:15:36.243", "references": [{"url": "https://support.apple.com/en-us/125141", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/125142", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/10", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/14", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/52", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cisagov/vulnrichment/issues/201", "tags": ["Issue Tracking"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43300", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de escritura fuera de los l\u00edmites mejorando la comprobaci\u00f3n de los l\u00edmites. Este problema se solucion\u00f3 en macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 y iPadOS 18.6.2. Procesar un archivo de imagen malicioso puede provocar da\u00f1os en la memoria. Apple tiene conocimiento de un informe que indica que este problema podr\u00eda haber sido explotado en un ataque extremadamente sofisticado contra individuos espec\u00edficos."}], "lastModified": "2025-11-26T16:21:19.870", "cisaActionDue": "2025-09-11", "cisaExploitAdd": "2025-08-21", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBDB9319-770B-401B-8D7E-40BB6E370446", "versionEndExcluding": "15.8.5"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD176E0-E5C8-4009-A214-B8C9AFA59934", "versionEndExcluding": "16.7.12", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E640930D-FE94-4B16-9512-9E95091644E5", "versionEndExcluding": "18.6.2", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F99051-EE84-4D7D-8042-688337134F24", "versionEndExcluding": "15.8.5"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D79D2C71-2062-4D9E-8E3C-23C00CEE6226", "versionEndExcluding": "16.7.12", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31536890-ADCB-49F4-AEAA-A10FC40D4881", "versionEndExcluding": "18.6.2", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B590C13-CEA2-44D3-8C0A-B15A61F424AB", "versionEndExcluding": "13.7.8"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability"}