Use-After-Free Vulnerability in Apple iOS and macOS Products
CVE-2025-43529

8.8 HIGH

Key Information:

Vendor: Apple

CVE Published: 17 December 2025

Badges

🔥 Trending now | 📈 Trended | 📈 Score: 3,500 | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-43529?

CVE-2025-43529 is a critical use-after-free vulnerability found in Apple’s iOS and macOS products. A use-after-free occurs when a program continues to access memory after it has been freed, which can let an attacker trigger unintended behavior. The implications of this specific vulnerability are severe: it can be triggered by processing specially crafted web content, potentially leading to arbitrary code execution. That capability can let an attacker run unauthorized commands, compromising the integrity and confidentiality of the affected systems. The vulnerability has reportedly been addressed in multiple Apple updates, including Safari and iOS, so applying these updates is important to maintain security.

Potential impact of CVE-2025-43529

  1. Arbitrary Code Execution: Attackers can exploit this vulnerability to execute arbitrary code on the affected devices, which may lead to unauthorized data access or control over the device.

  2. Targeted Attacks: The vulnerability may have been exploited in sophisticated attacks aimed at specific individuals, suggesting a risk of targeted exploitation that could lead to severe privacy breaches and data theft.

  3. System Compromise: Successful exploitation could lead to complete compromise of the affected systems, potentially enabling the installation of malware or ransomware, further endangering the organization’s cybersecurity posture.

CISA has reported CVE-2025-43529

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-43529 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 18.7

iOS and iPadOS < 26.2

macOS < 26.2

News Articles

Zero‑Day Vulnerabilities in Apple WebKit

Apple has released security updates to address two zero‑day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.

17 hours ago

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) - Help Net Security

Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) exploited as zero-days.

3 days ago

Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks | eSecurity Planet

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks.

3 days ago

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📈 Vulnerability started trending

  • Vulnerability published

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by gbhackers.com

  • Vulnerability Reserved
