EUVD-2025-209194

CVE-2025-43219 | Severity: HIGH | CVSS 3.1 base score: 8.8
Published: 2026-04-02 | Vendor: apple | GitHub advisory: GHSA-p5fv-r355-w43j

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 02, 2026 - 19:01 (vuln.today)
EUVD ID Assigned: Apr 02, 2026 - 19:01 (euvd) - EUVD-2025-209194
CVE Published: Apr 02, 2026 - 18:07 (nvd) - HIGH 8.8

Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.

Analysis

Memory corruption in macOS Sequoia image processing allows remote attackers to achieve arbitrary code execution via maliciously crafted images, with user interaction required. It affects macOS Sequoia versions prior to 15.6 and carries a CVSS 8.8 (High) severity because of the potential for complete system compromise. EPSS data is unavailable; no public exploit had been identified at the time of analysis. Apple addressed the vulnerability through improved memory handling in macOS 15.6 (released June 2025). The attack requires the victim to process a weaponized image file, making social engineering or malicious websites the likely delivery vectors.

Technical Context

This vulnerability affects Apple's image processing subsystem within macOS Sequoia (cpe:2.3:a:apple:macos). The flaw stems from improper memory handling when parsing image files, leading to process memory corruption. No specific CWE classification is provided, but the description indicates a memory safety issue, likely a buffer overflow, use-after-free, or similar memory management defect. Apple's image processing frameworks handle multiple file formats (JPEG, PNG, HEIF, etc.) and are invoked by system services, applications, and even preview/thumbnail generation. Memory corruption in image parsers is a historically significant attack surface, since image files are ubiquitous and are often processed automatically by email clients, browsers, and file managers. The SSVC technical impact rating of "total" indicates that successful exploitation could lead to arbitrary code execution with the privileges of the vulnerable process.

Affected Products

Apple macOS Sequoia versions prior to 15.6 are affected (cpe:2.3:a:apple:macos:*:*:*:*:*:*:*:*). EUVD data gives the vulnerable version range as macOS 0 up to, but not including, 15.6. This vulnerability is specific to the Sequoia release branch and, based on the available vendor advisories, does not appear to affect earlier macOS versions (Sonoma, Ventura, etc.). Users and organizations running macOS Sequoia 15.0 through 15.5.x should prioritize remediation. The official vendor advisory is available at https://support.apple.com/en-us/124149, with additional details at NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43219.

Remediation

Vendor-released patch: macOS Sequoia 15.6. Organizations should deploy macOS 15.6 immediately through the standard software update mechanism (System Settings > General > Software Update) or enterprise patch management tools (Jamf, Munki, Apple Business Manager). Apple's security update HT124149 (https://support.apple.com/en-us/124149) provides official remediation guidance. No workarounds are documented; patching is the only confirmed mitigation. For environments unable to patch immediately, interim risk reduction may include restricting image file sources, disabling automatic image preview/thumbnail generation, and filtering email attachments to block suspicious image files, though these measures provide incomplete protection. Post-patch verification: confirm that the macOS version reads 15.6 or later via 'About This Mac'.
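The post-patch verification step above can be scripted for fleet checks. The following is an added example, not vendor code or part of this advisory: it classifies a macOS product version string against the affected range stated here (Sequoia 15.0 up to, but not including, 15.6), comparing components numerically so that 15.10 is not mistaken for an older build than 15.6, and treats other major versions as out of scope for this CVE. The function name and output labels are hypothetical; on a macOS host it reads the version from sw_vers.

```shell
#!/bin/sh
# Added example for CVE-2025-43219 fleet verification (hypothetical helper, not vendor code).
# cve_2025_43219_status VERSION prints one of: affected | patched | out-of-scope | invalid

cve_2025_43219_status() {
    ver="$1"
    # Accept only dot-separated digit groups (e.g. 15.5.2); reject anything else.
    case "$ver" in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    major=${ver%%.*}          # text before the first dot
    rest=${ver#"$major"}      # remainder, starting with the dot (or empty)
    rest=${rest#.}
    minor=${rest%%.*}         # second component, empty for a bare "15"
    minor=${minor:-0}
    if [ "$major" -ne 15 ]; then
        echo out-of-scope     # not the Sequoia branch; advisory lists only 15.x
    elif [ "$minor" -lt 6 ]; then
        echo affected         # 15.0 through 15.5.x: deploy macOS 15.6
    else
        echo patched          # 15.6 or later (numeric compare, so 15.10 > 15.6)
    fi
}

# Report on the current host when running on macOS; harmless elsewhere.
check_this_host() {
    if command -v sw_vers >/dev/null 2>&1; then
        v=$(sw_vers -productVersion)
        echo "macOS $v: $(cve_2025_43219_status "$v")"
    else
        echo "sw_vers not found; not a macOS host"
    fi
}

check_this_host
```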

Priority Score

Priority Score: 44 (scale: Low / Medium / High / Critical)
Components: KEV: 0 | EPSS: +0.0 | CVSS: +44 | POC: 0

EUVD-2025-209194 vulnerability details – vuln.today