CVE-2025-43495

State: PUBLISHED · Published: 2025-11-04 · Updated: 2026-04-02 · Assigner: apple

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to monitor keystrokes without user permission.

CWE

CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-284 — CWE-284 Improper Access Control

Affected

Apple / iOS and iPadOS — v=0 <18.7.2 [affected]; v=0 <26.1 [affected]

CVSS

(none)

References

https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125633

Source

cvelistV5-main/cves/2025/43xxx/CVE-2025-43495.json