CVE-2025-43430
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.1 (exc) |
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | tvos | to 26.1 (exc) |
| apple | visionos | to 26.1 (exc) |
| apple | watchos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Update affected Apple products to version 26.1 or later, including Safari, visionOS, watchOS, iOS, iPadOS, and tvOS, to apply the fix that improves state management and prevents unexpected process crashes from malicious web content.
Can you explain this vulnerability to me?
This vulnerability involves processing maliciously crafted web content that may cause an unexpected process crash. It was addressed by improving state management in affected Apple software.
How can this vulnerability impact me? :
The vulnerability can lead to an unexpected crash of the affected process when malicious web content is processed, potentially disrupting normal operation of the software.