CVE-2025-43205
BaseFortify
Publication date: 2025-11-12
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.4 (exc) |
| apple | iphone_os | to 18.4 (exc) |
| apple | tvos | to 18.4 (exc) |
| apple | visionos | to 2.4 (exc) |
| apple | watchos | to 11.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds access issue that was addressed by improving bounds checking. It allows an app to potentially bypass Address Space Layout Randomization (ASLR), a security feature that helps prevent exploitation of memory corruption vulnerabilities.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious app to bypass ASLR, potentially leading to unauthorized access or execution of arbitrary code, which could compromise the security of the affected device.
What immediate steps should I take to mitigate this vulnerability?
Update affected Apple operating systems to the fixed versions: watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4, and iPadOS 18.4 to address the out-of-bounds access issue and prevent apps from bypassing ASLR.