CVE-2025-43529 (GCVE-0-2025-43529)

Vulnerability from cvelistv5 – Published: 2025-12-17 20:46 – Updated: 2026-04-02 18:18
VLAI CISA KEV
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Severity
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
  • CWE-416 - Use After Free
Assigner
References
Impacted products
Vendor Product Version
Apple Safari Affected: 0 , < 26.2 (custom)
Create a notification for this product.
Apple iOS and iPadOS Affected: 0 , < 18.7.3 (custom)
Affected: 0 , < 26.2 (custom)
Create a notification for this product.
Apple macOS Affected: 0 , < 26.2 (custom)
Create a notification for this product.
Apple tvOS Affected: 0 , < 26.2 (custom)
Create a notification for this product.
Apple visionOS Affected: 0 , < 26.2 (custom)
Create a notification for this product.
Apple watchOS Affected: 0 , < 26.2 (custom)
Create a notification for this product.
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: c4307140-c6b8-4a7d-8232-f7711cd9fa51

Vulnerability ID: CVE-2025-43529

Status: Confirmed

Status Updated: 2025-12-15 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2025-12-15
Asserted: 2025-12-15
Scope
Notes: KEV entry: Apple Multiple Products Use-After-Free WebKit Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-416
Feed CISA Known Exploited Vulnerabilities Catalog
Product Multiple Products
Due Date 2026-01-05
Date Added 2025-12-15
Vendorproject Apple
Vulnerabilityname Apple Multiple Products Use-After-Free WebKit Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-02 13:24 UTC | Updated: 2026-02-06 07:53 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-43529",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-18T04:55:16.426232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-12-15",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:07:30.378Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:18:20.608Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/125884"
        },
        {
          "url": "https://support.apple.com/en-us/125885"
        },
        {
          "url": "https://support.apple.com/en-us/125886"
        },
        {
          "url": "https://support.apple.com/en-us/125889"
        },
        {
          "url": "https://support.apple.com/en-us/125890"
        },
        {
          "url": "https://support.apple.com/en-us/125891"
        },
        {
          "url": "https://support.apple.com/en-us/125892"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-43529",
    "datePublished": "2025-12-17T20:46:55.691Z",
    "dateReserved": "2025-04-16T15:27:21.197Z",
    "dateUpdated": "2026-04-02T18:18:20.608Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-43529",
      "cwes": "[\"CWE-416\"]",
      "dateAdded": "2025-12-15",
      "dueDate": "2026-01-05",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529",
      "product": "Multiple Products",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products Use-After-Free WebKit Vulnerability"
    },
    "epss": {
      "cve": "CVE-2025-43529",
      "date": "2026-06-05",
      "epss": "0.00207",
      "percentile": "0.43128"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-43529\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-12-17T21:16:11.570\",\"lastModified\":\"2026-04-03T14:17:40.310\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-12-15\",\"cisaActionDue\":\"2026-01-05\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apple Multiple Products Use-After-Free WebKit Vulnerability\",\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"3ECBF838-536C-47F9-9876-C526B8ED32EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.3\",\"matchCriteriaId\":\"6547722A-1226-4E23-B3AE-8692B07C2657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"8B71D919-1AA2-4F17-A834-4B703E36F7E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.3\",\"matchCriteriaId\":\"8928A377-93BD-49AD-B4FE-5B2328EBDB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"10FD01C3-D77F-4FE4-8195-F2C59FB1321C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"825BB848-93B2-4A3E-86D8-16CB37DF9302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"EB10D901-4800-4DF9-AB35-48017C178161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.2\",\"matchCriteriaId\":\"15574823-ECE0-4394-99BC-6AFA34E599CC\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/125884\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125885\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125886\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125889\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125890\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125891\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/125892\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43529\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T21:04:30.797376Z\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-17T21:05:42.168Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/125885\"}, {\"url\": \"https://support.apple.com/en-us/125889\"}, {\"url\": \"https://support.apple.com/en-us/125892\"}, {\"url\": \"https://support.apple.com/en-us/125884\"}, {\"url\": \"https://support.apple.com/en-us/125891\"}, {\"url\": \"https://support.apple.com/en-us/125886\"}, {\"url\": \"https://support.apple.com/en-us/125890\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2025-12-17T20:46:55.691Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-43529\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-17T21:06:04.200Z\", \"dateReserved\": \"2025-04-16T15:27:21.197Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-12-17T20:46:55.691Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.