Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-1110
Vulnerability from certfr_avis - Published: 2025-12-15 - Updated: 2025-12-15
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que les vulnérabilités CVE-2025-14174 et CVE-2025-43529 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.3 | ||
| Apple | watchOS | watchOS versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 26.x antérieures à 26.2 | ||
| Apple | macOS | macOS Tahoe versions antérieures à 26.2 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.3 | ||
| Apple | tvOS | tvOS versions antérieures à 26.2 | ||
| Apple | Safari | Safari versions antérieures à 26.2 | ||
| Apple | iOS | iOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | iPadOS | iPadOS versions 18.7.x antérieures à 18.7.3 | ||
| Apple | visionOS | visionOS versions antérieures à 26.2 | ||
| Apple | iPadOS | iPadOS versions 26.x antérieures à 26.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.3",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.7.x ant\u00e9rieures \u00e0 18.7.3",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 26.x ant\u00e9rieures \u00e0 26.2",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43517"
},
{
"name": "CVE-2025-46291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46291"
},
{
"name": "CVE-2025-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46282"
},
{
"name": "CVE-2025-46292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46292"
},
{
"name": "CVE-2025-43539",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43539"
},
{
"name": "CVE-2025-43320",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43320"
},
{
"name": "CVE-2025-43536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43536"
},
{
"name": "CVE-2025-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43514"
},
{
"name": "CVE-2025-46289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46289"
},
{
"name": "CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"name": "CVE-2025-46278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46278"
},
{
"name": "CVE-2025-43523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43523"
},
{
"name": "CVE-2024-8906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8906"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43513"
},
{
"name": "CVE-2025-43522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43522"
},
{
"name": "CVE-2025-46279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46279"
},
{
"name": "CVE-2025-43416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43416"
},
{
"name": "CVE-2025-43410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43410"
},
{
"name": "CVE-2025-43475",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43475"
},
{
"name": "CVE-2025-43542",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43542"
},
{
"name": "CVE-2025-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46283"
},
{
"name": "CVE-2025-14174",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
},
{
"name": "CVE-2025-43519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43519"
},
{
"name": "CVE-2025-5918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5918"
},
{
"name": "CVE-2025-43526",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43526"
},
{
"name": "CVE-2025-46277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46277"
},
{
"name": "CVE-2025-43518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43518"
},
{
"name": "CVE-2025-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43527"
},
{
"name": "CVE-2025-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46285"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2025-43482",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43482"
},
{
"name": "CVE-2025-43532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43532"
},
{
"name": "CVE-2025-43538",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43538"
},
{
"name": "CVE-2025-46288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46288"
},
{
"name": "CVE-2025-43541",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43541"
},
{
"name": "CVE-2025-43529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43529"
},
{
"name": "CVE-2025-43516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43516"
},
{
"name": "CVE-2025-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46281"
},
{
"name": "CVE-2025-43530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43530"
},
{
"name": "CVE-2025-43501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43501"
},
{
"name": "CVE-2025-46276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46276"
},
{
"name": "CVE-2025-43533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43533"
},
{
"name": "CVE-2025-43428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43428"
},
{
"name": "CVE-2025-43512",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43512"
},
{
"name": "CVE-2025-43535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43535"
},
{
"name": "CVE-2025-43521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43521"
},
{
"name": "CVE-2025-43531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43531"
},
{
"name": "CVE-2025-46287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46287"
},
{
"name": "CVE-2025-43509",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43509"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-12-15T00:00:00",
"last_revision_date": "2025-12-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1110",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-14174 et CVE-2025-43529 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125887",
"url": "https://support.apple.com/en-us/125887"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125891",
"url": "https://support.apple.com/en-us/125891"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125884",
"url": "https://support.apple.com/en-us/125884"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125886",
"url": "https://support.apple.com/en-us/125886"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125885",
"url": "https://support.apple.com/en-us/125885"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125889",
"url": "https://support.apple.com/en-us/125889"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125890",
"url": "https://support.apple.com/en-us/125890"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125892",
"url": "https://support.apple.com/en-us/125892"
},
{
"published_at": "2025-12-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125888",
"url": "https://support.apple.com/en-us/125888"
}
]
}
CVE-2025-43501 (GCVE-0-2025-43501)
Vulnerability from cvelistv5 – Published: 2025-12-17 20:46 – Updated: 2026-04-02 18:09
VLAI
EPSS
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-19T04:55:32.311931Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:07:30.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:09:14.942Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125885"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125892"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43501",
"datePublished": "2025-12-17T20:46:30.548Z",
"dateReserved": "2025-04-16T15:27:21.192Z",
"dateUpdated": "2026-04-02T18:09:14.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43509 (GCVE-0-2025-43509)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:19
VLAI
EPSS
Summary
This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access sensitive user data
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T15:23:26.098851Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:50:34.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:19:22.353Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43509",
"datePublished": "2025-12-12T20:56:43.368Z",
"dateReserved": "2025-04-16T15:27:21.195Z",
"dateUpdated": "2026-04-02T18:19:22.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43511 (GCVE-0-2025-43511)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-06-30 12:07
VLAI
EPSS
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity
6.5 (Medium)
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-416 - Use After Free
Assigner
References
20 references
Impacted products
22 products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43511",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-13T22:35:12.295220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-13T22:35:16.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:18.920Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"name": "RHBZ#2448787",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-43511.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22136"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9692"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19206"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:22136: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:10702: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16056: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:13845: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:11814: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:19535: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16695: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:14659: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11329: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:9692: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19206: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T20:14:54.262Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T00:00:00.000Z",
"value": "Made public."
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"workarounds": [
{
"lang": "en",
"value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:13:40.169Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125633"
},
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125890"
},
{
"url": "https://support.apple.com/en-us/125891"
},
{
"url": "https://support.apple.com/en-us/125892"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43511",
"datePublished": "2025-12-12T20:56:30.795Z",
"dateReserved": "2025-04-16T15:27:21.195Z",
"dateUpdated": "2026-06-30T12:07:18.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43512 (GCVE-0-2025-43512)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:22
VLAI
EPSS
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- An app may be able to elevate privileges
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7.3
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 14.8.3
(custom)
Affected: 0 , < 15.7.3 (custom) Affected: 0 , < 26.2 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T15:23:54.770711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:50:00.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to elevate privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:20.353Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125885"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43512",
"datePublished": "2025-12-12T20:56:51.767Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:22:20.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43513 (GCVE-0-2025-43513)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:17
VLAI
EPSS
Summary
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to read sensitive location information.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to read sensitive location information
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T16:35:26.770568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:35:29.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:42.777Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43513",
"datePublished": "2025-12-12T20:56:41.283Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:17:42.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43514 (GCVE-0-2025-43514)
Vulnerability from cvelistv5 – Published: 2025-12-17 20:47 – Updated: 2026-04-02 18:26
VLAI
EPSS
Summary
The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access protected user data
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43514",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T19:07:53.996197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:28:44.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:26:10.397Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43514",
"datePublished": "2025-12-17T20:47:17.669Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:26:10.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43516 (GCVE-0-2025-43516)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:09
VLAI
EPSS
Summary
A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user's activity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- A user with Voice Control enabled may be able to transcribe another user's activity
- CWE-384 - Session Fixation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:56:12.062956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:56:15.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A session management issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. A user with Voice Control enabled may be able to transcribe another user\u0027s activity."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user with Voice Control enabled may be able to transcribe another user\u0027s activity",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:09:51.723Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43516",
"datePublished": "2025-12-12T20:56:22.471Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:09:51.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43517 (GCVE-0-2025-43517)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:09
VLAI
EPSS
Summary
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access protected user data
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T20:25:41.951945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:25:44.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:09:25.495Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43517",
"datePublished": "2025-12-12T20:56:19.259Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:09:25.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43518 (GCVE-0-2025-43518)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:57 – Updated: 2026-04-02 18:27
VLAI
EPSS
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, watchOS 26.2. An app may be able to inappropriately access files through the spellcheck API.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to inappropriately access files through the spellcheck API
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T19:23:56.286478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T19:23:59.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, watchOS 26.2. An app may be able to inappropriately access files through the spellcheck API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to inappropriately access files through the spellcheck API",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:27:11.863Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125884"
},
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
},
{
"url": "https://support.apple.com/en-us/125890"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43518",
"datePublished": "2025-12-12T20:57:05.818Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:27:11.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43519 (GCVE-0-2025-43519)
Vulnerability from cvelistv5 – Published: 2025-12-12 20:56 – Updated: 2026-04-02 18:22
VLAI
EPSS
Summary
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access sensitive user data
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T15:33:03.089597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:49:48.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.8.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.7.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:49.520Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125886"
},
{
"url": "https://support.apple.com/en-us/125887"
},
{
"url": "https://support.apple.com/en-us/125888"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43519",
"datePublished": "2025-12-12T20:56:52.823Z",
"dateReserved": "2025-04-16T15:27:21.196Z",
"dateUpdated": "2026-04-02T18:22:49.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…