Watchos
CVE-2025-43459
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An authentication issue was addressed with improved state management. This issue is fixed in watchOS 26.1. An attacker with physical access to a locked Apple Watch may be able to view Live Voicemail.
AnalysisAI
An authentication issue was addressed with improved state management. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. An authentication issue was addressed with improved state management. This issue is fixed in watchOS 26.1. An attacker with physical access to a locked Apple Watch may be able to view Live Voicemail. Affected products include: Apple Watchos.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01
WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing malici
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is low attack comp
An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authenticati
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in I
An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attacke
An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today