Input Validation Flaw in Apple Operating Systems
CVE-2025-43372

6.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; TV OS; Visionos; Watch OS
Vendor: CVE Published:; 15 September 2025

What is CVE-2025-43372?

An input validation vulnerability in several Apple operating systems could allow an attacker to craft a malicious media file that, when processed, may lead to unexpected app termination or corruption of process memory. Users are strongly advised to update their devices to the latest versions to mitigate risks associated with this issue.

Affected Version(s)

iOS and iPadOS < 26

macOS < 26

tvOS < 26

References

https://support.apple.com/en-us/125108

https://support.apple.com/en-us/125114

https://support.apple.com/en-us/125115

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON