CVE-2025-46279 (GCVE-0-2025-46279)
Vulnerability from
Published
2025-12-17 20:47
Modified
2025-12-18 19:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An app may be able to identify what other apps a user has installed
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-46279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T19:10:39.354122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:29:12.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. An app may be able to identify what other apps a user has installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to identify what other apps a user has installed",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:47:12.963Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125885"
},
{
"url": "https://support.apple.com/en-us/125889"
},
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-46279",
"datePublished": "2025-12-17T20:47:12.963Z",
"dateReserved": "2025-04-22T21:13:49.958Z",
"dateUpdated": "2025-12-18T19:29:12.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43480 (GCVE-0-2025-43480)
Vulnerability from
Published
2025-11-04 01:16
Modified
2025-12-18 18:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A malicious website may exfiltrate data cross-origin
Summary
The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T15:32:41.895934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:35:55.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. A malicious website may exfiltrate data cross-origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may exfiltrate data cross-origin",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:52.046Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125640"
},
{
"url": "https://support.apple.com/en-us/125637"
},
{
"url": "https://support.apple.com/en-us/125634"
},
{
"url": "https://support.apple.com/en-us/125638"
},
{
"url": "https://support.apple.com/en-us/125639"
},
{
"url": "https://support.apple.com/en-us/125632"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43480",
"datePublished": "2025-11-04T01:16:35.173Z",
"dateReserved": "2025-04-16T15:24:37.126Z",
"dateUpdated": "2025-12-18T18:35:55.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43440 (GCVE-0-2025-43440)
Vulnerability from
Published
2025-11-04 01:16
Modified
2025-12-18 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Summary
This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T15:22:19.576519Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:34:28.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:55.316Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125640"
},
{
"url": "https://support.apple.com/en-us/125637"
},
{
"url": "https://support.apple.com/en-us/125634"
},
{
"url": "https://support.apple.com/en-us/125638"
},
{
"url": "https://support.apple.com/en-us/125639"
},
{
"url": "https://support.apple.com/en-us/125632"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43440",
"datePublished": "2025-11-04T01:16:47.933Z",
"dateReserved": "2025-04-16T15:24:37.125Z",
"dateUpdated": "2025-12-18T18:34:28.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43436 (GCVE-0-2025-43436)
Vulnerability from
Published
2025-11-04 01:17
Modified
2025-12-18 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An app may be able to enumerate a user's installed apps
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user's installed apps.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T15:14:20.396123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:34:08.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to enumerate a user\u0027s installed apps."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to enumerate a user\u0027s installed apps",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:59.977Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125637"
},
{
"url": "https://support.apple.com/en-us/125634"
},
{
"url": "https://support.apple.com/en-us/125638"
},
{
"url": "https://support.apple.com/en-us/125639"
},
{
"url": "https://support.apple.com/en-us/125632"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43436",
"datePublished": "2025-11-04T01:17:09.977Z",
"dateReserved": "2025-04-16T15:24:37.124Z",
"dateUpdated": "2025-12-18T18:34:08.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43529 (GCVE-0-2025-43529)
Vulnerability from
Published
2025-12-17 20:46
Modified
2025-12-18 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 18.7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43529",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-14T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T04:55:15.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:55.691Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125885"
},
{
"url": "https://support.apple.com/en-us/125889"
},
{
"url": "https://support.apple.com/en-us/125892"
},
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43529",
"datePublished": "2025-12-17T20:46:55.691Z",
"dateReserved": "2025-04-16T15:27:21.197Z",
"dateUpdated": "2025-12-18T04:55:15.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-1762 (GCVE-0-2016-1762)
Vulnerability from
Published
2016-03-24 01:00
Modified
2025-12-17 22:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:38.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206168"
},
{
"name": "RHSA-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"name": "APPLE-SA-2016-03-21-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3593"
},
{
"name": "1035353",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035353"
},
{
"name": "APPLE-SA-2016-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xmlsoft.org/news.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=759671"
},
{
"name": "USN-2994-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206171"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "APPLE-SA-2016-03-21-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206169"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT206166"
},
{
"name": "85059",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/85059"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-1762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T22:04:28.247524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:04:31.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
},
{
"name": "APPLE-SA-2016-03-21-5",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206167"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206168"
},
{
"name": "RHSA-2016:1292",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"name": "APPLE-SA-2016-03-21-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3593",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3593"
},
{
"name": "1035353",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035353"
},
{
"name": "APPLE-SA-2016-03-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xmlsoft.org/news.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=759671"
},
{
"name": "USN-2994-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name": "APPLE-SA-2016-03-21-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206171"
},
{
"name": "RHSA-2016:2957",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "APPLE-SA-2016-03-21-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206169"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT206166"
},
{
"name": "85059",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/85059"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2016-1762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
},
{
"name": "APPLE-SA-2016-03-21-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
},
{
"name": "https://support.apple.com/HT206167",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206167"
},
{
"name": "https://support.apple.com/HT206168",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206168"
},
{
"name": "RHSA-2016:1292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1292"
},
{
"name": "APPLE-SA-2016-03-21-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
},
{
"name": "DSA-3593",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2016/dsa-3593"
},
{
"name": "1035353",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035353"
},
{
"name": "APPLE-SA-2016-03-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
},
{
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=759671",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=759671"
},
{
"name": "USN-2994-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2994-1"
},
{
"name": "APPLE-SA-2016-03-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602"
},
{
"name": "https://support.apple.com/HT206171",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206171"
},
{
"name": "RHSA-2016:2957",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
},
{
"name": "APPLE-SA-2016-03-21-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
},
{
"name": "https://support.apple.com/HT206169",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206169"
},
{
"name": "https://support.apple.com/HT206166",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT206166"
},
{
"name": "85059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/85059"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2016-1762",
"datePublished": "2016-03-24T01:00:00.000Z",
"dateReserved": "2016-01-13T00:00:00.000Z",
"dateUpdated": "2025-12-17T22:04:31.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43533 (GCVE-0-2025-43533)
Vulnerability from
Published
2025-12-17 20:46
Modified
2025-12-17 21:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- A malicious HID device may cause an unexpected process crash
Summary
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:35:13.319406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:35:20.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. A malicious HID device may cause an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious HID device may cause an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:58.348Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125889"
},
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43533",
"datePublished": "2025-12-17T20:46:58.348Z",
"dateReserved": "2025-04-16T15:27:21.198Z",
"dateUpdated": "2025-12-17T21:35:20.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43531 (GCVE-0-2025-43531)
Vulnerability from
Published
2025-12-17 20:46
Modified
2025-12-17 21:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Summary
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apple | iOS and iPadOS |
Version: unspecified < 18.7 |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:10:04.613113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:10:18.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:46:41.109Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125885"
},
{
"url": "https://support.apple.com/en-us/125889"
},
{
"url": "https://support.apple.com/en-us/125892"
},
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43531",
"datePublished": "2025-12-17T20:46:41.109Z",
"dateReserved": "2025-04-16T15:27:21.197Z",
"dateUpdated": "2025-12-17T21:10:18.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43430 (GCVE-0-2025-43430)
Vulnerability from
Published
2025-11-04 01:17
Modified
2025-12-17 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Summary
This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-04T12:56:41.681706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703 Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T16:50:56.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:47:18.874Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125640"
},
{
"url": "https://support.apple.com/en-us/125637"
},
{
"url": "https://support.apple.com/en-us/125634"
},
{
"url": "https://support.apple.com/en-us/125638"
},
{
"url": "https://support.apple.com/en-us/125639"
},
{
"url": "https://support.apple.com/en-us/125632"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43430",
"datePublished": "2025-11-04T01:17:57.253Z",
"dateReserved": "2025-04-16T15:24:37.124Z",
"dateUpdated": "2025-12-17T20:47:18.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43294 (GCVE-0-2025-43294)
Vulnerability from
Published
2025-09-15 22:35
Modified
2025-12-17 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An app may be able to access sensitive user data
Summary
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T19:08:47.284986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T15:18:50.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:10:14.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in tvOS 26.1, macOS Tahoe 26, watchOS 26.1, iOS 26.1 and iPadOS 26.1. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:47:16.403Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125637"
},
{
"url": "https://support.apple.com/en-us/125639"
},
{
"url": "https://support.apple.com/en-us/125110"
},
{
"url": "https://support.apple.com/en-us/125632"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43294",
"datePublished": "2025-09-15T22:35:50.190Z",
"dateReserved": "2025-04-16T15:24:37.102Z",
"dateUpdated": "2025-12-17T20:47:16.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
displaying 1 - 10 organizations in total 564