Use-After-Free Vulnerability in Apple iOS and macOS Products
CVE-2025-43529

8.8 HIGH

Key Information:

Vendor

Apple

CVE Published:
17 December 2025

Badges

📈 Trended · 📈 Score: 4,090 · 👾 Exploit Exists · 🟡 Public PoC · 🦅 CISA Reported · 📰 News Worthy

What is CVE-2025-43529?

CVE-2025-43529 is a critical use-after-free vulnerability found in Apple’s iOS and macOS products. A use-after-free occurs when a program continues to access memory after it has been freed, which can let an attacker influence the program’s behaviour in unintended ways. The implications of this specific vulnerability are severe: it can be triggered by processing specially crafted web content and may lead to arbitrary code execution. Such a capability can enable an attacker to run unauthorized code, compromising the integrity and confidentiality of the affected systems. The vulnerability has reportedly been addressed in multiple Apple updates, including Safari and iOS, which underlines the importance of applying these updates to stay protected.

Potential impact of CVE-2025-43529

  1. Arbitrary Code Execution: Attackers can exploit this vulnerability to execute arbitrary code on the affected devices, which may lead to unauthorized data access or control over the device.

  2. Targeted Attacks: The vulnerability may have been exploited in sophisticated attacks aimed at specific individuals, suggesting a risk of targeted exploitation that could lead to severe privacy breaches and data theft.

  3. System Compromise: Successful exploitation could lead to complete compromise of the affected systems, potentially enabling the installation of malware or ransomware, further endangering the organization’s cybersecurity posture.

CISA has reported CVE-2025-43529

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-43529 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 18.7

iOS and iPadOS < 26.2

macOS < 26.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

News Articles

CISA Warns of Apple WebKit Vulnerability Actively Exploited in Attacks

CISA issued an urgent warning about a critical Apple WebKit zero-day vulnerability actively exploited in attacks.

1 week ago

Apple Recommends Immediate Updates for iPhone and Other Products • innoGyan

Apple has issued an urgent security update after confirming the active exploitation of two critical WebKit vulnerabilities, urging iPhone and Apple device

1 week ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • Vulnerability published

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by gbhackers.com

  • Vulnerability Reserved
