CVE-2025-43427
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.1 (exc) |
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | tvos | to 26.1 (exc) |
| apple | visionos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves processing maliciously crafted web content that may cause an unexpected process crash. It was addressed by improving state management in affected Apple operating systems and software.
How can this vulnerability impact me? :
The vulnerability can lead to an unexpected process crash when malicious web content is processed, potentially disrupting normal operation of the affected device or software.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update affected Apple devices and software to version 26.1 or later, including iOS, iPadOS, tvOS, Safari, and visionOS.