What is the CVSS score of CVE-2025-43520?

CVE-2025-43520 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Apple are affected by CVE-2025-43520?

CVE-2025-43520 is a memory corruption vulnerability affecting multiple Apple platforms that could allow malicious apps to crash systems or access kernel memory.

Is there a public PoC exploit available for CVE-2025-43520?

Yes, a public proof-of-concept exploit is available for CVE-2025-43520. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-43520?

Within 24 hours: Inventory all Apple devices in your environment and document OS versions. Within 7 days: Communicate vulnerability status to device owners and restrict installation of untrusted applications; implement Mobile Device Management (MDM) controls to limit sideloading of applications. Within 30 days: Monitor Apple security advisories for patch availability and establish a deployment plan; consider upgrading to the latest patched OS versions as they become available.

Apple CVE-2025-43520

MEDIUM

Out-of-bounds Write (CWE-787)

2025-12-12 product-security@apple.com

Buffer Overflow Memory Corruption Apple

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Added to CISA KEV

Apr 03, 2026 - 14:28 cisa

CISA KEV

PoC Detected

Apr 03, 2026 - 14:28 vuln.today

Public exploit code

Analysis Generated

Mar 18, 2026 - 19:22 vuln.today

CVE Published

Dec 12, 2025 - 21:15 nvd

MEDIUM 5.5

DescriptionNVD

A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

AnalysisAI

Apple kernel memory corruption in multiple operating systems allows a malicious application to cause unexpected system termination or write kernel memory via an out-of-bounds write flaw addressed in watchOS 26.1, iOS 18.7.2, and macOS Tahoe 26.1.

Technical ContextAI

The flaw (CWE-787) stems from improper memory handling in the kernel, where a malicious app can trigger an out-of-bounds write to kernel memory pages. Apple addressed this with improved memory handling across all affected platforms.

RemediationAI

Update all Apple devices to the latest OS versions. Enterprise environments should enforce MDM policies requiring minimum OS versions and restrict sideloading of applications.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

CVE-2026-5817 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Model Runner's vllm-metal inference backend on macOS allows any container on the Dock

CVE-2026-5843 HIGH This Week

8.2 May 22

Arbitrary code execution in Docker Desktop's Model Runner on macOS allows any container on the Docker network to escape

CVE-2025-43306 HIGH This Week

7.8 May 26

Local privilege escalation in Apple macOS allows a malicious app already running with low privileges to elevate to root

CVE-2026-49237 HIGH This Week

7.8 May 28

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain r

CVE-2025-43520 vulnerability details – vuln.today

Back

Apple CVE-2025-43520

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code