CVE-2025-43428

Published: Dec 17, 2025Modified: Apr 2, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos, Visionos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 26.2
Apple Iphone Os	Before 26.2
Apple Macos	Before 26.2
Apple Visionos	Before 26.2

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (3)

https://support.apple.com/en-us/125884

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/125886

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/125891

Source: product-security@apple.com

Release NotesVendor Advisory

Timeline

No history available yet.