Out-of-Bounds Read in Apple Kernel Affects Multiple Devices
CVE-2025-43374

4.3MEDIUM

Key Information:

Vendor: Apple
Status: Mac OS; iPad OS; iOS And iPad OS; Visionos
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-43374?

An out-of-bounds read vulnerability has been identified in Apple's kernel, potentially allowing an attacker in physical proximity to read sensitive information from kernel memory. This issue arises from insufficient bounds checking, which can lead to unauthorized access to memory regions that should be protected. The vulnerability affects multiple Apple operating systems, including iPadOS, iOS, macOS, and visionOS. Users are encouraged to update their devices to the latest versions to mitigate the risk associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.5

iPadOS < 17.7

macOS < 14.7

References

https://support.apple.com/en-us/122069

https://support.apple.com/en-us/122716

https://support.apple.com/en-us/122405

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Apr 16, 2025

JSON