CVE-2025-43210: Input Validation
Published Jul 29, 2025
·Updated
Accessibility. A logic issue was addressed with improved checks.
Credit
Google's Threat Analysis Group, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Chi Yuan Chang(ZUSO ART), taikosoup, Gary Kwong(Trend Micro Zero Day Initiative), CVE-2025-43226, Christian Kohlschütter, Sergei Glazunov(Google Project Zero), Ivan Fratric(Google Project Zero), Vlad Stolyarov(Google's Threat Analysis Group), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), CVE-2025-6965, Gilad Moav, Yehuda Afek, Anat Bremler-Barr, Amit Klein, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, shandikri(Trend Micro Zero Day Initiative), Google V8 Security Team, Nan Wang@@eternalsakura13, Ziling Chen, HexRabbit@@h3xr4bb1t(DEVCORE Research Team), Ignacio Sanmillan@@ulexec, Clément Lecigne(Google's Threat Analysis Group), Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), Wong Wee Xiang, Himanshu Bharti@@Xpl0itme, Brian Carpenter, Jaydev Ahire, Ryan Dowd@@_rdowd, ABC Research s.r.o., Mickey Jin@@patch1t, Noah Gregory (wts.dev), an anonymous researcher, Gergely Kalman@@gergely_kalman, 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, 2ourc3 | Salim Largo, Dawuge(Shuffle Team), Anonymous(Trend Micro Zero Day Initiative), Pyrophoria, Csaba Fitzl@@theevilbit(Kandji), Minghao Lin, Jiaxun Zhu, Kirin@@Pwnrin, Zhongquan Li@@Guluisacat, Koh M. Nakagawa@@tsunek0h(Kandji), Wojciech Regula(SecuRing), Yuebin Sun@@yuebinsun2020, Shang-De Jiang(CyCraft Technology), Kazma Ye(CyCraft Technology), Nikolai Skliarenko(Trend Micro Zero Day Initiative), Mickey Jin@@patch1t(Team Orca of Sea Security), Keith Yeo@@kyeojy(Team Orca of Sea Security), Martti Hütt, Tony Iskow@@Tybbow, MRHAX, Aditya Rana, Seo Hyun-gyu@@wh1te4ever(Xiaomi), Dora Orak(Xiaomi), Minghao Lin@@Y1nKoc(Xiaomi), XiLong Zhang@@Resery4(Xiaomi), noir@@ROIS, fmyy (@风沐云烟), Willey Lin, Arsenii Kostromin (0x3c3e), Dora Orak, an anonymous researcher(Loadshine Lab), Hikerell(Loadshine Lab), @@zlluny, Martin Bajanik(Fingerprint), Ammar Askar, Syarif Muhammad Sajjad, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft)
Affected Software
18 affected componentsFixes available
Apple tvOS<18.6
18.6
Apple iOS<18.6
18.6
Apple iPadOS<18.6
18.6
Apple WatchOS<11.6
11.6
Apple macOS Sonoma<14.7.7
14.7.7
Apple iPadOS<17.7.9
17.7.9
Apple macOS Ventura<13.7.7
13.7.7
Apple visionOS<2.6
2.6
Apple macOS Sequoia<15.6
15.6
Apple iPadOS<17.7.9
Apple iPadOS>=18.0<18.6
Apple iPhone OS<18.6
Apple macOS>=13.0<13.7.7
Apple macOS>=14.0<14.7.7
Apple macOS>=15.0<15.6
Apple tvOS<18.6
Apple visionOS<2.6
Apple WatchOS<11.6
Event History
Jul 29, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Apr 2, 2026
CVE Published
via MITRE·06:21 PM
Data Sourced
via MITRE·06:21 PM
DescriptionWeakness
Data Sourced
via NVD·07:20 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43210?
CVE-2025-43210 has a high severity rating due to multiple issues related to accessibility and logic handling.
2
How do I fix CVE-2025-43210?
To fix CVE-2025-43210, update the affected Apple products to their latest versions as specified in the security advisory.
3
Which products are affected by CVE-2025-43210?
CVE-2025-43210 affects several Apple products, including watchOS, macOS Ventura, macOS Sequoia, iOS, iPadOS, tvOS, and visionOS.
4
What types of vulnerabilities does CVE-2025-43210 address?
CVE-2025-43210 addresses logic issues, accessibility, path handling, and memory handling vulnerabilities.
5
Is there a workaround for CVE-2025-43210?
There are no known workarounds for CVE-2025-43210; users should apply the available updates to mitigate the risks.