CVE-2025-43428_CVE-2025-43428

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.

AI Analysis

Photos in the Hidden Photos Album may be viewed without authentication due to a configuration issue

Basic Information

ID CVE-2025-43428

Source apple

Published Dec 17, 2025 at 20:46

Modified Dec 18, 2025 at 19:20

Affected Product

Vendor Apple

Product iOS and iPadOS

Version unspecified

Affected Versions Apple iOS and iPadOS unspecified
Apple visionOS unspecified
Apple macOS unspecified

CWE Classification

CWE-306

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Apple

Product iOS and iPadOS, visionOS, macOS

Version before 26.2

References

{
    "lastseen": "",
    "description": "A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.",
    "published": "2025-12-17T20:46:35.128Z",
    "modified": "2025-12-18T19:20:07.280Z",
    "type": "cve",
    "title": "CVE-2025-43428",
    "source": "apple",
    "references": "https://support.apple.com/en-us/125884\nhttps://support.apple.com/en-us/125891\nhttps://support.apple.com/en-us/125886",
    "id": "CVE-2025-43428",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Apple iOS and iPadOS unspecified\nApple visionOS unspecified\nApple macOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iOS and iPadOS",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "Photos in the Hidden Photos Album may be viewed without authentication due to a configuration issue",
    "ai_severity": "Critical",
    "ai_vendor": "Apple",
    "ai_product": "iOS and iPadOS, visionOS, macOS",
    "ai_version": "before 26.2",
    "ai_score": 9.8
}