Logic Flaw in Apple Products Exposes DNS Queries
CVE-2025-43376

7.5HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; TV OS; Visionos
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-43376?

A logic flaw has been detected in several Apple products that could allow a remote attacker to access leaked DNS queries when the Private Relay feature is activated. This issue stems from inadequate state management, which has been rectified in the latest updates of Safari, tvOS, watchOS, iOS, iPadOS, and visionOS. Users are encouraged to upgrade to the latest versions to mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

iOS and iPadOS < 26

Safari < 26

tvOS < 26

References

https://support.apple.com/en-us/125108

https://support.apple.com/en-us/125113

https://support.apple.com/en-us/125114

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Apple

What is CVE-2025-43376?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.