CVE-2025-43300

CRITICAL
2025-08-21 [email protected]
10.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Added to CISA KEV
Apr 03, 2026 - 14:28 cisa
CISA KEV
PoC Detected
Apr 03, 2026 - 14:28 vuln.today
Public exploit code
Analysis Generated
Mar 28, 2026 - 19:08 vuln.today
CVE Published
Aug 21, 2025 - 01:15 nvd
CRITICAL 10.0

Tags

Memory Corruption Buffer Overflow Apple

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Analysis

Apple iOS/iPadOS contain an out-of-bounds write in image processing that allows code execution through malicious images, exploited in extremely sophisticated targeted attacks against specific individuals.

Technical Context

The CWE-787 out-of-bounds write in the image processing pipeline is triggered by malformed image data. The vulnerability affects older iOS versions (15.x, 16.x), indicating it was exploited before the latest security updates.

Affected Products

['Apple iOS 15.x before 15.8.5', 'Apple iPadOS 15.x before 15.8.5', 'Apple iOS 16.x before 16.7.12', 'Apple iPadOS 16.x before 16.7.12']

Remediation

Update iOS/iPadOS. Enable Lockdown Mode for at-risk individuals.

Priority Score

121
Low Medium High Critical
KEV: +50
EPSS: +0.5
CVSS: +50
POC: +20

Share

CVE-2025-43300 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy