CVE-2025-43209

State: PUBLISHED · Published: 2025-07-29 · Updated: 2026-04-02 · Assigner: apple

Description

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CWE

CWE-787 — CWE-787 Out-of-bounds Write

Affected

Apple / iOS and iPadOS — v=0 <18.6 [affected]
Apple / iPadOS — v=0 <17.7.9 [affected]
Apple / macOS — v=0 <13.7.7 [affected]; v=0 <14.7.7 [affected]; v=0 <15.6 [affected]
Apple / tvOS — v=0 <18.6 [affected]
Apple / visionOS — v=0 <2.6 [affected]
Apple / watchOS — v=0 <11.6 [affected]

CVSS

(none)

References

https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124148
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124150
https://support.apple.com/en-us/124151
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155

Source

cvelistV5-main/cves/2025/43xxx/CVE-2025-43209.json