Path Handling Issue in Apple iOS and iPadOS Products
CVE-2025-43537

3.5LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 11 February 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-43537?

A path handling flaw in Apple's iOS and iPadOS products may allow attackers to manipulate and modify protected system files by restoring a maliciously crafted backup file. This vulnerability has been addressed through enhanced validation measures in the updated versions of iOS and iPadOS. Users are encouraged to upgrade to the latest versions to safeguard their system integrity.

Affected Version(s)

iOS and iPadOS 0 < 18.7.5

iOS and iPadOS 0 < 26.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-43537
Created by hawkeye-bd

References

https://support.apple.com/en-us/125884

https://support.apple.com/en-us/126347

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 8, 2026
👾
Exploit known to exist
Jun 8, 2026
Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Apr 16, 2025

CVE-2025-43537 Data

JSON