CVE-2025-43529 - Vulnerability Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Dec. 15, 2025.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ios Ipados Iphone Os Macos Macos Tahoe Safari Tvos Visionos Watchos

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-43529
https://support.apple.com/en-us/125884
https://support.apple.com/en-us/125885
https://support.apple.com/en-us/125886
https://support.apple.com/en-us/125889
https://support.apple.com/en-us/125890
https://support.apple.com/en-us/125891
https://support.apple.com/en-us/125892
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529
https://www.cve.org/CVERecord?id=CVE-2025-43529

History

Thu, 18 Dec 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple iphone Os
CPEs		cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple iphone Os

Thu, 18 Dec 2025 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios Apple ipados Apple macos Apple macos Tahoe Apple safari Apple tvos Apple visionos Apple watchos
Vendors & Products		Apple Apple ios Apple ipados Apple macos Apple macos Tahoe Apple safari Apple tvos Apple visionos Apple watchos

Thu, 18 Dec 2025 00:15:00 +0000

Type	Values Removed	Values Added
Title		webkitgtk: webkitgtk: Use-after-free due to improper memory management
Weaknesses		CWE-825
References		https://nvd.nist.gov/vuln/detail/CVE-2025-43529 https://www.cve.org/CVERecord?id=CVE-2025-43529
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 17 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 17 Dec 2025 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 17 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
References		https://support.apple.com/en-us/125884 https://support.apple.com/en-us/125885 https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125889 https://support.apple.com/en-us/125890 https://support.apple.com/en-us/125891 https://support.apple.com/en-us/125892
Metrics		kev `{'dateAdded': '2025-12-15T00:00:00+00:00', 'dueDate': '2026-01-05T00:00:00+00:00'}`

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-12-17T20:46:55.691Z

Updated: 2025-12-18T04:55:15.285Z

Reserved: 2025-04-16T15:27:21.197Z

Link: CVE-2025-43529

Vulnrichment

Updated: 2025-12-17T21:05:42.168Z

NVD

Status : Analyzed

Published: 2025-12-17T21:16:11.570

Modified: 2025-12-18T14:59:05.617

Link: CVE-2025-43529

Redhat

Severity : Important

Publid Date: 2025-12-16T00:00:00Z

Links: CVE-2025-43529 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object