CVE-2025-43495

{"id": "CVE-2025-43495", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-11-04T02:15:52.687", "references": [{"url": "https://support.apple.com/en-us/125632", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/125633", "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission."}, {"lang": "es", "value": "El problema se abord\u00f3 con comprobaciones mejoradas. Este problema est\u00e1 solucionado en iOS 18.7.2 y iPadOS 18.7.2. Una aplicaci\u00f3n podr\u00eda monitorizar pulsaciones de teclas sin permiso del usuario."}], "lastModified": "2025-12-17T21:16:08.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8", "versionEndExcluding": "26.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925", "versionEndExcluding": "26.1"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}