Use-After-Free Vulnerability in Safari by Apple
CVE-2025-43368

4.3MEDIUM

Key Information:

Vendor

Apple

Vendor
CVE Published:
15 September 2025

What is CVE-2025-43368?

CVE-2025-43368 is a use-after-free vulnerability identified in the Safari web browser developed by Apple. This type of vulnerability arises when a program continues to use a pointer after the memory it points to has been freed, potentially leading to undefined behavior, system crashes, or exploitation opportunities. The vulnerability could negatively impact organizations by causing instability in the Safari browser, leading to unexpected crashes when processing maliciously crafted web content. Such crashes not only disrupt user activities but could also be leveraged by threat actors to perform further attacks, either by inducing denial-of-service conditions or by executing arbitrary code. The issue arises from inadequate memory management practices within the browser, underscoring the importance of robust coding standards in safeguarding user environments.

Potential impact of CVE-2025-43368

  1. System Instability: The vulnerability can lead to unexpected crashes of the Safari browser, which can disrupt business operations and affect productivity, especially if used in enterprise environments where browser stability is critical.

  2. Increased Attack Surface: By exploiting this vulnerability, an attacker could potentially execute malicious code on the affected device, leading to broader security breaches within an organization’s network.

  3. Data Integrity Risks: The exploitation of such a vulnerability may allow unauthorized access to sensitive data, risking data integrity and exposing organizations to further threats, including data theft and loss of confidential information.

Affected Version(s)

iOS and iPadOS < 26

macOS < 26

Safari < 26

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.