← Back

CVE-2025-43356

nvd nist
Published: Sep 15, 2025Modified: Apr 2, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent.

Affected (7)

Apple
7 products
Ipados
Iphone Os
Macos
Safari
Tvos
Visionos
Watchos
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Ipados
Before 18.7
Iphone Os
Before 18.7
Macos
Before 26.0
Safari
Before 26.0
Tvos
Before 26.0
Visionos
Before 26.0
Watchos
Before 26.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (13)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.