THREAT ALERT

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — July 30, 2025

39 CVEs tracked today. 11 Critical, 13 High, 15 Medium, 0 Low.

CVE-2025-43273 CRITICAL CVSS 9.1
Sandbox escape in macOS Sequoia 15.x and Sonoma 14.x allows sandboxed processes to bypass security restrictions and access high-value confidential data or modify system integrity without authentication. Patched in macOS Sequoia 15.6 and macOS Sonoma 14.8. EPSS exploitation probability is low (0.05%, 16th percentile), and no public exploit identified at time of analysis, though the CVSS 9.1 rating reflects the severe theoretical impact of compromised sandbox isolation-a critical security boundary in macOS architecture.

Apple macOS Privilege Escalation
CVE-2025-43243 CRITICAL CVSS 9.8
File system permission bypass in macOS allows applications to modify protected system files without proper authorization. Affects macOS Sequoia (prior to 15.6), Sonoma (prior to 14.7.7), and Ventura (prior to 13.7.7). Despite a critical 9.8 CVSS score with network attack vector rating, the vulnerability requires local application execution, making the CVSS vector potentially misleading. EPSS exploitation probability is very low at 0.08% (24th percentile), and no public exploit identified at time of analysis. Tagged for information disclosure, though integrity impact is primary concern given file system modification capability.

Apple macOS Privilege Escalation
CVE-2025-43234 CRITICAL CVSS 9.8
Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allow remote code execution via maliciously crafted texture files. Affects all major Apple platforms prior to July 2025 updates (iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6). Despite a critical CVSS 9.8 score indicating network-exploitable remote code execution without authentication, EPSS shows only 0.18% exploitation probability (40th percentile), and no public exploit identified at time of analysis. The vulnerability requires processing specially crafted texture data, likely through applications handling untrusted image or 3D content.

Apple iOS macOS Memory Corruption Denial Of Service
CVE-2025-43232 CRITICAL CVSS 9.8
Privacy controls in macOS Sequoia, Sonoma, and Ventura can be bypassed by local applications due to insufficient permission enforcement, allowing unauthorized access to privacy-protected resources. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. CVSS score of 9.8 (Critical) reflects network-exploitable attack vector, but actual exploitation requires local app installation, making the CVSS vector (AV:N) likely misaligned with the described attack scenario. No public exploit identified at time of analysis; EPSS score of 0.08% (24th percentile) indicates low predicted exploitation probability despite high CVSS severity.

Apple macOS Privilege Escalation
CVE-2025-43222 CRITICAL CVSS 9.8
Use-after-free memory corruption in Apple's operating systems (iPadOS 17.x, macOS Sequoia 15.x, Sonoma 14.x, Ventura 13.x) allows network-based attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability was remediated by removing the vulnerable code entirely rather than patching it. Despite a critical CVSS 9.8 score, EPSS indicates only 0.08% exploitation probability (24th percentile), and no public exploit identified at time of analysis. Apple released patches in July 2025 across all affected platforms simultaneously.

Apple iOS macOS Use After Free Denial Of Service
CVE-2025-43209 CRITICAL CVSS 9.8
Out-of-bounds write vulnerability in WebKit across Apple's entire operating system ecosystem allows remote code execution via maliciously crafted web content without user interaction or authentication. Affects iOS, iPadOS, macOS (Ventura through Sequoia), tvOS, visionOS, and watchOS prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating maximum severity, EPSS probability remains low at 0.14% (34th percentile), and no public exploit identified at time of analysis, suggesting limited observed exploitation attempts despite the theoretical remote attack surface.

Apple iOS macOS Safari Memory Corruption
CVE-2025-43193 CRITICAL CVSS 9.8
Memory handling flaw in macOS allows remote denial-of-service via malicious application, affecting Sequoia 15.x, Sonoma 14.x, and Ventura 13.x systems prior to July 2025 security updates. Despite a critical 9.8 CVSS score indicating network-accessible attack with no authentication required, EPSS probability is low (0.10%, 27th percentile) and no public exploit identified at time of analysis. The severity rating appears inconsistent with the described impact (DoS only, no code execution), suggesting CVSS vector may require validation against actual attack requirements.

Apple macOS Denial Of Service
CVE-2025-43186 CRITICAL CVSS 9.8
Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS 18.6, macOS (Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7), tvOS 18.6, visionOS 2.6, and watchOS 11.6. Unauthenticated attackers can trigger arbitrary code execution by delivering a maliciously crafted file requiring no user interaction beyond parsing. Despite CVSS 9.8 critical severity, EPSS score of 0.16% (37th percentile) indicates low observed exploitation probability. No public exploit identified at time of analysis and not listed in CISA KEV, suggesting theoretical risk exceeds current real-world threat activity.

Apple iOS Memory Corruption Denial Of Service Ipados
CVE-2025-43184 CRITICAL CVSS 9.8
Authentication bypass in macOS Shortcuts allows malicious shortcuts to circumvent sensitive app settings without user consent across macOS Ventura 13.x, Sonoma 14.x, and Sequoia 15.x prior to July 2025 security updates. Despite a critical CVSS 9.8 score suggesting network-based exploitation, the vulnerability actually requires local shortcut execution with no authentication (PR:N), making the CVSS vector potentially misaligned with the actual attack surface. No public exploit identified at time of analysis, with EPSS score of 0.08% (24th percentile) indicating low predicted exploitation probability. Apple fixed the issue by adding mandatory user consent prompts.

Apple macOS Privilege Escalation
CVE-2025-31281 CRITICAL CVSS 9.1
Memory handling flaws in Apple's operating systems allow unauthenticated remote attackers to cause information disclosure and application crashes by sending maliciously crafted files. Affects iOS 18.x prior to 18.6, iPadOS 18.x prior to 18.6, macOS Sequoia prior to 15.6, tvOS prior to 18.6, and visionOS prior to 2.6. CVSS 9.1 (Critical) reflects network-accessible attack vector with no authentication required, though EPSS probability remains low at 0.12% (32nd percentile), and no public exploit or active exploitation confirmed at time of analysis.

Apple iOS macOS Denial Of Service Ipados
CVE-2025-31279 CRITICAL CVSS 9.8
Applications on Apple operating systems can fingerprint users through a permissions flaw that bypasses privacy restrictions. Affects macOS Ventura 13.x, Sonoma 14.x, Sequoia 15.x, and iPadOS 17.x with patches released in versions 13.7.7, 14.7.7, 15.6, and 17.7.9 respectively. CVSS 9.8 critical severity contradicts the low EPSS score (0.07%, 22nd percentile) and information disclosure nature, suggesting scoring misalignment. No public exploit identified at time of analysis, but the low technical barrier (network accessible, no authentication required per CVSS vector) makes this concerning for privacy-focused environments despite the limited impact scope of user fingerprinting.

Apple iOS macOS Information Disclosure Ipados
CVE-2025-31277 HIGH CVSS 8.8
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.

Buffer Overflow Apple Redhat Suse
CVE-2025-43277 HIGH CVSS 7.8
Memory corruption in Apple's audio processing framework across iOS, macOS, tvOS, visionOS, and watchOS allows local attackers to achieve arbitrary code execution by tricking users into opening malicious audio files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, macOS Sonoma 14.8, tvOS 18.6, visionOS 2.6, and watchOS 11.6. Despite a high CVSS score of 7.8, the 2% EPSS probability indicates low observed exploitation likelihood, with no public exploit identified at time of analysis and no CISA KEV listing.

Apple iOS macOS Memory Corruption
CVE-2025-43270 HIGH CVSS 8.8
macOS sandbox escape vulnerability allows locally installed applications to bypass Local Network access restrictions and perform unauthorized network operations. Affects macOS Ventura (pre-13.7.7), Sonoma (pre-14.7.7), and Sequoia (pre-15.6). CVSS 8.8 reflects high impact on confidentiality, integrity, and availability with scope change, but requires local access with low privileges (PR:L). EPSS score of 0.02% (4th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, and not listed in CISA KEV. Real-world risk centers on malicious apps installed by legitimate users bypassing Apple's network privacy controls.

Apple macOS Privilege Escalation
CVE-2025-43254 HIGH CVSS 7.1
Out-of-bounds read in macOS file processing can expose sensitive memory and crash applications when victims open maliciously crafted files. Affects macOS Ventura 13.x, Sonoma 14.x, and Sequoia 15.x prior to patched versions (13.7.7, 14.7.7, 15.6 respectively). Requires local access and user interaction (CVSS AV:L/UI:R). EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation likelihood. No CISA KEV listing or public exploit identified at time of analysis, suggesting low immediate threat despite CVSS 7.1 rating.

Apple macOS Denial Of Service
CVE-2025-43227 HIGH CVSS 7.5
Information disclosure vulnerability in WebKit across Apple's ecosystem allows unauthenticated remote attackers to extract sensitive user information through maliciously crafted web content. The flaw affects Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, visionOS 2.x, and watchOS 11.x, stemming from improper state management (CWE-359). Despite a CVSS score of 7.5, real-world exploitation risk remains relatively low with 0.13% EPSS probability and no public exploit identified at time of analysis. Vendor-released patches are available across all affected platforms.

Apple Safari iOS macOS Information Disclosure
CVE-2025-43224 HIGH CVSS 7.1
Out-of-bounds memory access in Apple media processing components affects iOS, iPadOS, macOS, tvOS, and visionOS, allowing local attackers to crash applications or corrupt memory via malicious media files. Fixed in iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, and visionOS 2.6. EPSS score of 0.02% (4th percentile) indicates minimal observed exploitation probability, and no public exploit identified at time of analysis, suggesting lower immediate risk despite CVSS 7.1 rating.

Apple iOS macOS Buffer Overflow Denial Of Service
CVE-2025-43223 HIGH CVSS 7.5
Improper input validation in Apple's network configuration subsystem across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS allows unauthenticated remote attackers to trigger denial-of-service conditions and enables non-privileged local users to modify restricted network settings. Fixed in iOS/iPadOS 18.6/17.7.9, macOS Sequoia 15.6, Sonoma 14.7.7, Ventura 13.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. EPSS score of 0.15% (36th percentile) indicates low predicted exploitation probability, and no public exploit identified at time of analysis.

Apple iOS macOS Denial Of Service Privilege Escalation
CVE-2025-43221 HIGH CVSS 7.1
Out-of-bounds read vulnerability in Apple media processing frameworks allows local attackers to cause application crashes or disclose sensitive process memory by tricking users into opening malicious media files. Affects iOS/iPadOS 18.x, macOS Sequoia 15.x, tvOS 18.x, and visionOS 2.x prior to July 2025 security updates. No public exploit identified at time of analysis, with EPSS score of 0.02% indicating minimal observed exploitation activity. User interaction required (opening crafted file) reduces immediate risk despite 7.1 CVSS score.

Apple iOS macOS Buffer Overflow Denial Of Service
CVE-2025-31278 HIGH CVSS 8.8
Memory corruption in Apple's WebKit browser engine across Safari 18.x, iOS/iPadOS 18.x, macOS Sequoia 15.x, and other Apple operating systems allows remote attackers to achieve arbitrary code execution via maliciously crafted web content requiring only user interaction (visiting a malicious webpage). With CVSS 8.8 (High), the vulnerability enables complete system compromise (high confidentiality, integrity, and availability impact) but carries relatively low real-world exploitation probability (EPSS 0.10%, 27th percentile). No public exploit identified at time of analysis, and vendor-released patches are available across all affected platforms as of July-August 2025.

Apple Safari iOS macOS Memory Corruption
CVE-2025-31273 HIGH CVSS 8.8
Memory corruption in WebKit browser engine allows remote code execution across Apple's ecosystem (Safari 18.6, iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6) when users interact with maliciously crafted web content. The vulnerability stems from improper memory handling (CWE-119 buffer overflow) and requires no authentication but user interaction to trigger. EPSS score of 0.10% (26th percentile) indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS 8.8 rating reflects the potential for complete system compromise if successfully exploited.

Apple Safari iOS macOS Memory Corruption
CVE-2025-31243 HIGH CVSS 7.8
Privilege escalation in macOS Sequoia 15.x, Sonoma 14.x, and Ventura 13.x allows local applications to gain root privileges through a permissions enforcement weakness. The vulnerability requires user interaction but no authentication, enabling malicious applications to achieve complete system compromise. Fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. No public exploit identified at time of analysis, with EPSS score of 0.01% (2nd percentile) indicating minimal observed exploitation likelihood.

Apple macOS Privilege Escalation
CVE-2025-24224 HIGH CVSS 7.5
Remote denial-of-service in Apple operating systems (iOS, iPadOS, macOS, tvOS, visionOS, watchOS) allows unauthenticated network attackers to trigger unexpected system termination via improved checks bypass. Affects multiple OS versions prior to their respective May 2025 updates (iOS/iPadOS 18.5/17.7.9, macOS Sequoia 15.5/Ventura 13.7.7, tvOS 18.5, visionOS 2.5, watchOS 11.5). No public exploit identified at time of analysis. EPSS probability of 0.27% (51st percentile) suggests relatively low observed exploitation activity, though the network-accessible attack vector and lack of authentication requirements (CVSS AV:N/PR:N) create broad exposure surface across Apple's ecosystem.

Apple iOS Denial Of Service Ipados Iphone Os
CVE-2025-24119 HIGH CVSS 7.8
Sandbox escape and privilege escalation in macOS 13.7.x through 15.2.x allow local authenticated users to execute arbitrary code outside application sandboxes or gain elevated privileges via state management flaws. Apple patched this in macOS Ventura 13.7.7, Sonoma 14.7.7, and Sequoia 15.3. With EPSS at 0.02% (5th percentile) and no public exploit identified at time of analysis, real-world risk remains low despite the high CVSS score, though local attackers with existing user-level access could leverage this for post-exploitation privilege escalation.

Apple macOS RCE Privilege Escalation
CVE-2025-43265 MEDIUM CVSS 4.0
Out-of-bounds read in Apple Safari and system WebKit implementations allows local attackers to disclose internal application state by processing maliciously crafted web content, affecting Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. The vulnerability requires local access and user interaction but poses information disclosure risk with CVSS 4.0 and EPSS 0.02% (very low exploitation probability); no public exploit code or active exploitation has been identified.

Apple Safari iOS macOS Information Disclosure
CVE-2025-43241 MEDIUM CVSS 5.5
Improper sandbox enforcement in macOS allows local applications to read files outside their designated sandbox boundaries without user authorization. The vulnerability affects macOS Sequoia before 15.6, macOS Sonoma before 14.7.7, and macOS Ventura before 13.7.7. An attacker controlling a sandboxed application can bypass file access restrictions through a permissions validation flaw, enabling confidentiality breaches of user data outside the app's intended scope. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.01% indicates minimal real-world exploitation likelihood despite the medium CVSS rating.

Apple macOS Information Disclosure
CVE-2025-43240 MEDIUM CVSS 6.2
Safari and macOS contain a logic flaw that allows incorrect association of a download's origin, potentially disclosing information about file provenance to local attackers. The vulnerability affects Safari 18.6 and earlier, plus macOS Sequoia 15.6 and earlier, and requires local access (no authentication needed) to exploit. This is a low-exploitation-probability issue (EPSS 0.03%) with no confirmed active exploitation or public POC at time of analysis.

Apple Safari macOS Information Disclosure Redhat
CVE-2025-43230 MEDIUM CVSS 4.0
Insufficient permission checks in Apple operating systems allow local apps to access user-sensitive data without proper authorization. The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (and iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unprivileged local application can exploit this to read sensitive user information by circumventing the permission model. No public exploit code has been identified at time of analysis, and EPSS scoring (0.02%, 4th percentile) indicates very low real-world exploitation probability despite the information disclosure impact.

Apple iOS Information Disclosure Privilege Escalation Ipados
CVE-2025-43229 MEDIUM CVSS 6.1
Universal cross-site scripting (XSS) in Safari and macOS allows remote attackers to execute arbitrary JavaScript in the context of visited websites by processing maliciously crafted web content. The vulnerability affects Safari 18.5 and earlier, and macOS Sequoia 15.5 and earlier, and is fixed in Safari 18.6 and macOS Sequoia 15.6. Attack requires user interaction (clicking a malicious link or visiting a compromised site) but carries no authentication requirement. EPSS score of 0.04% indicates low real-world exploitation probability despite the moderate CVSS rating.

Apple Safari macOS XSS
CVE-2025-43228 MEDIUM CVSS 4.3
Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Apple Safari iOS Open Redirect Ipados
CVE-2025-43226 MEDIUM CVSS 4.0
Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.

Apple iOS macOS Information Disclosure Ipados
CVE-2025-43225 MEDIUM CVSS 5.5
Local apps can access sensitive user data through inadequate log redaction in iPadOS and macOS, allowing information disclosure when a user interacts with a malicious application. Apple has released patches for iPadOS 17.7.9 and macOS versions 15.6 (Sequoia), 14.7.7 (Sonoma), and 13.7.7 (Ventura) that implement improved data redaction in logging. The EPSS score of 0.01% and absence of public exploit code indicate low real-world exploitation likelihood despite moderate CVSS scoring.

Apple iOS macOS Information Disclosure Ipados
CVE-2025-43217 MEDIUM CVSS 4.0
Privacy indicator bypass in Apple iOS and iPadOS allows local attackers to determine microphone or camera access without user notification. The vulnerability affects iOS 18.6 and earlier, and iPadOS 17.7.9 and earlier, enabling unauthorized monitoring of privacy-sensitive device activity. Apple has released patched versions (iOS 18.6, iPadOS 18.6, and iPadOS 17.7.9) that add logic to correctly display privacy indicators when microphone or camera access occurs. EPSS exploitation probability is very low at 0.02%, and no public exploit code has been identified.

Apple iOS Information Disclosure Ipados Iphone Os
CVE-2025-43216 MEDIUM CVSS 6.5
Safari and Apple operating systems contain a use-after-free vulnerability in web content processing that causes unexpected application crashes when users visit maliciously crafted websites. The flaw affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier), macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Remote attackers can trigger a denial-of-service condition requiring only user interaction to visit a malicious page, with no elevated privileges required. Apple has released patches for all affected platforms; the EPSS score of 0.10% (28th percentile) indicates low real-world exploitation probability despite the accessibility of the attack vector.

Apple Safari iOS macOS Use After Free
CVE-2025-43214 MEDIUM CVSS 6.5
Safari and related Apple platforms crash when processing maliciously crafted web content due to improper memory handling in a buffer overflow condition (CWE-119). The vulnerability affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger denial of service by hosting or injecting malicious web content that causes an unexpected browser crash. No public exploit code or active exploitation has been confirmed at time of analysis, though the low EPSS score (0.15%) suggests minimal real-world exploitation likelihood despite the moderate CVSS 6.5 severity.

Apple Safari iOS macOS Denial Of Service
CVE-2025-43213 MEDIUM CVSS 6.5
Safari and Apple platform web content processing crashes due to a buffer overflow vulnerability when handling maliciously crafted web content. Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Unauthenticated remote attackers can trigger a denial of service by enticing users to visit a malicious webpage, resulting in application crash with no data theft or code execution capability. No public exploit identified at time of analysis; EPSS score of 0.12% indicates low real-world exploitation probability despite moderate CVSS rating.

Apple Safari iOS macOS Denial Of Service
CVE-2025-43212 MEDIUM CVSS 6.5
Safari and related Apple platforms crash when processing maliciously crafted web content due to a memory handling vulnerability (buffer overflow). Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. An unauthenticated remote attacker can trigger a denial of service by hosting or injecting malicious web content, with user interaction required to visit the affected content. No public exploit code or active exploitation has been confirmed (EPSS 0.08% indicates minimal real-world exploitation activity to date).

Apple Safari iOS macOS Memory Corruption
CVE-2025-43211 MEDIUM CVSS 6.2
Denial-of-service vulnerability in Apple's WebKit engine affects Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS through improper memory handling during web content processing. Local attackers without authentication can trigger this vulnerability via crafted web content to cause application crashes. Vendor-released patches are available across all affected platforms; EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite the moderate CVSS 6.2 rating.

Apple Safari iOS macOS Denial Of Service
CVE-2025-43206 MEDIUM CVSS 4.0
Path traversal vulnerability in macOS allows local applications to bypass directory path validation and access protected user data without authentication. Affecting macOS Ventura, Sonoma, and Sequoia, the flaw stems from improper path parsing that enables an unprivileged app to read sensitive files outside intended boundaries. Apple has released patches for all affected versions (Ventura 13.7.7, Sonoma 14.7.7, Sequoia 15.6); exploitation requires local access and app execution capability, resulting in low real-world risk despite moderate CVSS score.

Apple macOS Path Traversal Information Disclosure

Today's Vulnerabilities Vulnerabilities