Buffer Overflow Vulnerability in Apple's Safari and iOS Devices
CVE-2025-43501

4.3MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Safari; Visionos; Mac OS
Vendor: CVE Published:; 17 December 2025

What is CVE-2025-43501?

A buffer overflow vulnerability has been identified in Apple's Safari browser and various iOS devices, potentially allowing attackers to exploit memory management flaws. This vulnerability arises from the handling of maliciously crafted web content, which could result in unexpected process crashes and disrupt user experience. Apple has addressed this issue in several product updates, namely Safari 26.2, iOS 18.7.3, iPadOS 18.7.3, and subsequent versions. Users are encouraged to update their devices to the latest software versions to mitigate risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.7

iOS and iPadOS < 26.2

macOS < 26.2

References

https://support.apple.com/en-us/125885

https://support.apple.com/en-us/125892

https://support.apple.com/en-us/125884

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2025
Vulnerability Reserved
Apr 16, 2025

JSON