What is the CVSS score of CVE-2025-43213?

CVE-2025-43213 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Is there a patch available for CVE-2025-43213?

Yes, a patch is available for CVE-2025-43213. Update the affected software to the latest version immediately.

iOS CVE-2025-43213

MEDIUM

Buffer Overflow (CWE-119)

2025-07-30 product-security@apple.com

Denial Of Service Memory Corruption Apple iOS macOS Red Hat Ipados Iphone Os Safari Tvos Visionos Watchos Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Apr 06, 2026 - 08:30 nvd

Patch available

Analysis Generated

Apr 02, 2026 - 19:37 vuln.today

CVE Published

Jul 30, 2025 - 00:15 nvd

MEDIUM 6.5

DescriptionNVD

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

AnalysisAI

Safari and Apple platform web content processing crashes due to a buffer overflow vulnerability when handling maliciously crafted web content. Affects Safari 18.5 and earlier, iOS 18.5 and earlier, iPadOS 18.5 and earlier, macOS Sequoia 15.5 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Unauthenticated remote attackers can trigger a denial of service by enticing users to visit a malicious webpage, resulting in application crash with no data theft or code execution capability. No public exploit identified at time of analysis; EPSS score of 0.12% indicates low real-world exploitation probability despite moderate CVSS rating.

Technical ContextAI

The vulnerability is a buffer overflow (CWE-119) within Apple's web content rendering engine, affecting memory handling during processing of specially crafted HTML, JavaScript, or other web-native content formats. The issue spans multiple Apple platforms sharing common WebKit-based rendering components, including Safari (standalone browser), iOS/iPadOS (mobile operating systems), macOS Sequoia (desktop), tvOS (television), visionOS (spatial computing), and watchOS (wearable). The buffer overflow occurs without memory safety violations in safe languages, suggesting insufficient bounds checking in native code handling parsed web content-a common attack surface in browser engines when processing malformed or adversarial markup and scripts.

RemediationAI

Vendor-released patch: Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, and watchOS 11.6. All users should immediately update their Apple devices and browsers to these patched versions. Update instructions are provided in Apple's official support documents: https://support.apple.com/en-us/124147 (iOS), https://support.apple.com/en-us/124149 (iPadOS), https://support.apple.com/en-us/124152 (macOS Sequoia), https://support.apple.com/en-us/124153 (tvOS), https://support.apple.com/en-us/124154 (visionOS), and https://support.apple.com/en-us/124155 (watchOS). No known workarounds exist; patching is the only remediation. Until updates can be deployed, users should avoid visiting untrusted or suspicious websites.