CVE-2025-43529_CVE-2025-43529

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

AI Analysis

Use-after-free issue allowing arbitrary code execution

Basic Information

ID CVE-2025-43529

Source apple

Published Dec 17, 2025 at 20:46

Modified Dec 17, 2025 at 21:06

Affected Product

Vendor Apple

Product iOS and iPadOS

Version unspecified

Affected Versions Apple iOS and iPadOS unspecified
Apple tvOS unspecified
Apple Safari unspecified
Apple iOS and iPadOS unspecified
Apple visionOS unspecified
Apple macOS unspecified
Apple watchOS unspecified

CWE Classification

CWE-416

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Apple

Product Safari, iOS, iPadOS, watchOS, tvOS, visionOS, macOS

Version before iOS 26, before iPadOS 26, before watchOS 26.2, before tvOS 26.2, before visionOS 26.2, before macOS Tahoe 26.2, before Safari 26.2

References

{
    "lastseen": "",
    "description": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.",
    "published": "2025-12-17T20:46:55.691Z",
    "modified": "2025-12-17T21:06:04.200Z",
    "type": "cve",
    "title": "CVE-2025-43529",
    "source": "apple",
    "references": "https://support.apple.com/en-us/125885\nhttps://support.apple.com/en-us/125889\nhttps://support.apple.com/en-us/125892\nhttps://support.apple.com/en-us/125884\nhttps://support.apple.com/en-us/125891\nhttps://support.apple.com/en-us/125886\nhttps://support.apple.com/en-us/125890",
    "id": "CVE-2025-43529",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416"
    ],
    "cvelist": null,
    "sourceData": "Apple iOS and iPadOS unspecified\nApple tvOS unspecified\nApple Safari unspecified\nApple iOS and iPadOS unspecified\nApple visionOS unspecified\nApple macOS unspecified\nApple watchOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iOS and iPadOS",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "Use-after-free issue allowing arbitrary code execution",
    "ai_severity": "High",
    "ai_vendor": "Apple",
    "ai_product": "Safari, iOS, iPadOS, watchOS, tvOS, visionOS, macOS",
    "ai_version": "before iOS 26, before iPadOS 26, before watchOS 26.2, before tvOS 26.2, before visionOS 26.2, before macOS Tahoe 26.2, before Safari 26.2",
    "ai_score": 8.8
}