CVE-2025-43372
BaseFortify
Publication date: 2025-09-15
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 26.0 (exc) |
| apple | iphone_os | to 26.0 (exc) |
| apple | macos | to 26.0 (exc) |
| apple | tvos | to 26.0 (exc) |
| apple | visionos | to 26.0 (exc) |
| apple | watchos | to 26.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper input validation when processing media files. A specially crafted malicious media file can cause an application to terminate unexpectedly or corrupt the process memory.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause applications to crash or behave unpredictably due to memory corruption, potentially leading to denial of service or other unintended behavior on affected devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your devices to the fixed versions: tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26, and iPadOS 26. Avoid processing untrusted or maliciously crafted media files until the update is applied.