CVE-2025-43534
Received Received - Intake
Activation Lock Bypass via Path Validation Flaw in iOS Devices

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: Apple Inc.

Description
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-03-25
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2025-43534
EUVD
EUVD-2025-208977
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
apple ipados From 26.0 (inc) to 26.2 (exc)
apple iphone_os From 26.0 (inc) to 26.2 (exc)
apple ipados to 18.7.7 (exc)
apple iphone_os to 18.7.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2025-43534, is a path handling issue in iOS and iPadOS devices that could allow a user with physical access to bypass the Activation Lock feature.

Impact Analysis

If exploited, this vulnerability could allow someone with physical access to your iOS device to bypass the Activation Lock, potentially gaining unauthorized access to the device.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should update your iOS or iPadOS devices to the fixed versions: iOS 18.7.7 or iPadOS 18.7.7, or later versions such as iOS 26.2 and iPadOS 26.2.

These updates include improved validation and fixes that prevent bypassing Activation Lock and unauthorized kernel memory disclosure.

Ensure that only trusted users have physical access to your devices until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-43534. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart