CVE-2025-43458
BaseFortify
Publication date: 2025-11-04
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 26.1 (exc) |
| apple | ipados | to 26.1 (exc) |
| apple | iphone_os | to 26.1 (exc) |
| apple | tvos | to 26.1 (exc) |
| apple | visionos | to 26.1 (exc) |
| apple | watchos | to 26.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-703 | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Safari and related Apple operating systems processing maliciously crafted web content, which may cause an unexpected process crash. The issue was addressed through improved state management and fixed in Safari 26.1 and other Apple OS versions 26.1.
How can this vulnerability impact me? :
The vulnerability can cause an unexpected process crash when processing malicious web content, potentially leading to denial of service or disruption of normal browser or system operation.
What immediate steps should I take to mitigate this vulnerability?
Update affected Apple products to version 26.1 or later, including Safari, visionOS, watchOS, iOS, iPadOS, and tvOS, to apply the fix that improves state management and prevents unexpected process crashes from malicious web content.