Memory Corruption Vulnerability in Apple Operating Systems
CVE-2025-43520

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; TV OS; Visionos
Vendor: CVE Published:; 12 December 2025

Badges

👾 Exploit Exists🦅 CISA Reported

What is CVE-2025-43520?

A memory corruption issue has been identified in various Apple operating systems, leading to potential system instability. This vulnerability could allow a malicious application to initiate unexpected system terminations or manipulate kernel memory, thereby compromising system integrity. Apple has addressed this vulnerability through improved memory handling in the latest software updates.

CISA has reported CVE-2025-43520

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-43520 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS 0 < 18.7.2

iOS and iPadOS 0 < 26.1

macOS 0 < 14.8.2

References

https://support.apple.com/en-us/125632

https://support.apple.com/en-us/125633

https://support.apple.com/en-us/125634

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 20, 2026
🦅
CISA Reported
Mar 20, 2026
Vulnerability published
Dec 12, 2025
Vulnerability Reserved
Apr 16, 2025

CVE-2025-43520 Data

JSON