iOS
CVE-2025-43280
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
AnalysisAI
Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.
Technical ContextAI
Lockdown Mode is Apple's hardened security configuration designed to protect high-risk users by disabling certain features and enforcing stricter privacy controls. The underlying issue involves CWE-940 (Improper Restriction of Rendered UI Layers or Frames), where the Mail application failed to properly restrict remote image loading within the Lockdown Mode context. When a user forwards an email, the Mail client would still load remote images (typically tracking pixels) despite Lockdown Mode being enabled, allowing remote servers to verify email addresses, infer email forwarding patterns, and potentially identify the user's operational status. The affected products are Apple's iOS (iPhone OS) and iPadOS operating systems, which share the same Mail codebase.
RemediationAI
Vendor-released patch: iOS 18.6 and iPadOS 18.6. Users should update their iPhone and iPad devices to iOS 18.6 or iPadOS 18.6 or later immediately. The patch modifies Mail's behavior to prevent loading remote images when forwarding emails in Lockdown Mode. No workarounds are available prior to patching. Users concerned about email tracking can manually avoid forwarding emails until their device is updated, though this is not a practical long-term solution. For deployment guidance and security advisory details, consult https://support.apple.com/en-us/124147.
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensiti
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticate
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionO
Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS
A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerabi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today