Cross-Origin Data Exfiltration Vulnerability in Apple Products
CVE-2025-43480

8.1HIGH

Key Information:

Vendor

Apple
Status
Safari
TV OS
Visionos
Watch OS
Vendor
CVE Published:
4 November 2025

What is CVE-2025-43480?

A significant vulnerability exists within Apple's Safari browser and various operating systems that enables a malicious website to exfiltrate sensitive data across different origins. This security flaw arises from inadequate validation checks, allowing attackers to potentially gain unauthorized access to user information from other domains. Apple has addressed this issue in the latest updates of Safari and compatible operating systems, ensuring enhanced security measures are in place.

Affected Version(s)

iOS and iPadOS < 26.1

Safari < 26.1

tvOS < 26.1

References

https://support.apple.com/en-us/125640
https://support.apple.com/en-us/125637
https://support.apple.com/en-us/125638

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-43480 : Cross-Origin Data Exfiltration Vulnerability in Apple Products