CVE-2025-43539

Published: Dec 12, 2025Modified: Apr 2, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.

Affected (2)

Products: Apple: Macos

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 14.8.3
Apple Macos	From 15.0 to 15.7.3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://support.apple.com/en-us/125884

Source: product-security@apple.com

https://support.apple.com/en-us/125885

Source: product-security@apple.com

https://support.apple.com/en-us/125886

Source: product-security@apple.com

https://support.apple.com/en-us/125887

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/125888

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/125889

Source: product-security@apple.com

https://support.apple.com/en-us/125890

Source: product-security@apple.com

https://support.apple.com/en-us/125891

Source: product-security@apple.com

Timeline

No history available yet.