CVE-2025-43226
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted image may result in disclosure of process memory.
Analysis
Out-of-bounds memory read in Apple's image processing component allows local attackers without privileges to disclose sensitive process memory by supplying a maliciously crafted image, affecting iOS 18.5 and earlier, iPadOS 17.7.8 and earlier, macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. No public exploit code or active exploitation has been identified; exploitation requires local access and user interaction to process the malicious image. The EPSS score of 0.02% (5th percentile) indicates minimal real-world exploitation likelihood despite the broad platform impact.
Technical Context
This is a classic out-of-bounds read (CWE-125) in image processing code across Apple's operating systems. The root cause is insufficient input validation when parsing maliciously crafted image files, which allows an attacker to read memory beyond allocated buffer boundaries. The flaw resides in image handling routines present across iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, all of which leverage shared image processing libraries. The local attack vector (AV:L) means the attacker must have some level of system access, though no privileges (PR:N) are required. The attack exploits a memory safety issue commonly found in C/C++ code, where image dimension or size fields are not properly validated before being used in buffer operations.
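The class of check described above, shown as an added example on a hypothetical toy image format; this is not Apple's code or any real Apple format. The header layout, `HDR_LEN` and `decode_pixels` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy format, constructed for this example: bytes 0-3 width (LE),
 * bytes 4-7 height (LE), then width*height 8-bit pixels. */
#define HDR_LEN 8u

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copies the declared pixels into out; returns 0, or -1 if the header lies. */
int decode_pixels(const uint8_t *file, size_t file_len,
                  uint8_t *out, size_t out_cap, size_t *out_len) {
    if (!file || !out || !out_len || file_len < HDR_LEN)
        return -1;                      /* truncated header */
    uint32_t w = rd_le32(file), h = rd_le32(file + 4);
    if (w == 0 || h == 0)
        return -1;
    /* 64-bit product: a 32-bit w * h could wrap to a small value. */
    uint64_t need = (uint64_t)w * h;
    /* The unchecked pattern, memcpy(out, file + HDR_LEN, w * h), trusts the
     * header: a declared size larger than the payload reads past the end of
     * file[] and returns adjacent process memory as pixels (CWE-125). */
    if (need > file_len - HDR_LEN)      /* declared size exceeds real payload */
        return -1;
    if (need > out_cap)                 /* destination too small */
        return -1;
    memcpy(out, file + HDR_LEN, (size_t)need);
    *out_len = (size_t)need;
    return 0;
}

int main(void) {
    /* Constructed samples: an honest 2x2 image, and a header that declares
     * 64x64 pixels over a 4-byte payload. */
    const uint8_t ok[]    = {2,0,0,0, 2,0,0,0, 10,20,30,40};
    const uint8_t lying[] = {64,0,0,0, 64,0,0,0, 1,2,3,4};
    uint8_t out[16];
    size_t n = 0;
    printf("honest: %d\n", decode_pixels(ok, sizeof ok, out, sizeof out, &n));
    printf("lying:  %d\n", decode_pixels(lying, sizeof lying, out, sizeof out, &n));
    return 0;
}
```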
Affected Products
The vulnerability affects iOS 18.5 and earlier, iPadOS 18.5 and earlier (also iPadOS 17.7.8 and earlier for older iPad devices), macOS Sequoia 15.5 and earlier, macOS Sonoma 14.7.6 and earlier, tvOS 18.5 and earlier, visionOS 2.5 and earlier, and watchOS 11.5 and earlier. Apple's CPE identifiers confirm broad impact across cpe:2.3:o:apple:iphone_os, cpe:2.3:o:apple:ipados, cpe:2.3:o:apple:macos, cpe:2.3:o:apple:tvos, cpe:2.3:o:apple:visionos, and cpe:2.3:o:apple:watchos products. Detailed version coverage and security updates are documented in Apple's official advisories at support.apple.com/en-us/124147 through 124155.
Remediation
Apply the following vendor-released patches immediately: iOS 18.6, iPadOS 18.6 (or iPadOS 17.7.9 for older iPad devices), macOS Sequoia 15.6, macOS Sonoma 14.7.7, tvOS 18.6, visionOS 2.6, and watchOS 11.6. All patches address the input validation flaw in image processing. Users should enable automatic security updates in System Preferences (macOS) or Settings (iOS/iPadOS/tvOS/watchOS) to receive patches automatically. Organizations managing Apple devices should prioritize deployment within 30 days but need not declare emergency status given low EPSS and local-only attack vector. No interim workarounds are available other than avoiding processing untrusted image files. Full details and download links are available in Apple's security advisories at https://support.apple.com/en-us/124147 and related support pages.