Logic Flaw Affecting Apple Operating Systems and Devices
CVE-2025-43359

9.8CRITICAL

Key Information:

Vendor

Apple

Vendor
CVE Published:
15 September 2025

What is CVE-2025-43359?

A logic flaw in the state management of various Apple operating systems may allow a UDP server socket that is intended to be restricted to a local interface to inadvertently bind to all interfaces. This issue could potentially expose the device to unintended network traffic, leading to security concerns. Users are advised to update their devices to the latest versions to mitigate this risk.

Affected Version(s)

iOS and iPadOS < 26

iOS and iPadOS < 18.7

macOS < 14.8

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.