Logic Flaw in Apple Products Exposes DNS Queries
CVE-2025-43376

Currently unrated

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; TV OS; Visionos
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-43376?

A logic flaw has been detected in several Apple products that could allow a remote attacker to access leaked DNS queries when the Private Relay feature is activated. This issue stems from inadequate state management, which has been rectified in the latest updates of Safari, tvOS, watchOS, iOS, iPadOS, and visionOS. Users are encouraged to upgrade to the latest versions to mitigate the risk.

Affected Version(s)

iOS and iPadOS < 26

Safari < 26

tvOS < 26

References

https://support.apple.com/en-us/125108

https://support.apple.com/en-us/125113

https://support.apple.com/en-us/125114

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON