CVE-2025-43300
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
21/08/2025
Last modified:
26/11/2025
Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Impact
Base Score 3.x
10.00
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 15.8.5 (excluding) | |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 16.0 (including) | 16.7.12 (excluding) |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 18.0 (including) | 18.6.2 (excluding) |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 15.8.5 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 16.0 (including) | 16.7.12 (excluding) |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 18.0 (including) | 18.6.2 (excluding) |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | 13.7.8 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://support.apple.com/en-us/125141
- https://support.apple.com/en-us/125142
- http://seclists.org/fulldisclosure/2025/Sep/10
- http://seclists.org/fulldisclosure/2025/Sep/14
- http://seclists.org/fulldisclosure/2025/Sep/52
- https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md
- https://github.com/cisagov/vulnrichment/issues/201
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43300