← Back to CVEs

CVE-2025-43529

HIGHCISA KEV

8.8

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published12/17/2025

Last Modified4/3/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorApple

ProductMultiple Products

Vulnerability NameApple Multiple Products Use-After-Free WebKit Vulnerability

KEV Date Added2025-12-15

Remediation Due Date2026-01-05

Ransomware UseUnknown

Affected Products

apple:ipadosapple:iphone_osapple:macosapple:safariapple:tvosapple:visionosapple:watchos

Weaknesses (CWE)

CWE-416

References

https://support.apple.com/en-us/125884(product-security@apple.com)

https://support.apple.com/en-us/125885(product-security@apple.com)

https://support.apple.com/en-us/125886(product-security@apple.com)

https://support.apple.com/en-us/125889(product-security@apple.com)

https://support.apple.com/en-us/125890(product-security@apple.com)

https://support.apple.com/en-us/125891(product-security@apple.com)

https://support.apple.com/en-us/125892(product-security@apple.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.