CVE-2025-43228: Input Validation

Q: What is the severity of CVE-2025-43228?

The severity of CVE-2025-43228 has been determined to be significant due to multiple issues that could lead to denial-of-service conditions.

Q: How do I fix CVE-2025-43228?

To fix CVE-2025-43228, update your Apple iOS, iPadOS, or Safari to version 18.6 or later.

Q: What are the affected products for CVE-2025-43228?

CVE-2025-43228 affects Apple iOS, iPadOS, and Safari versions up to 18.6.

Q: What types of issues does CVE-2025-43228 address?

CVE-2025-43228 addresses logic issues, improved checks, memory handling improvements, and denial-of-service vulnerabilities.

Q: Is CVE-2025-43228 related to accessibility?

Yes, CVE-2025-43228 includes improvements made to address accessibility-related issues.

Published Jul 29, 2025

Updated

Accessibility. A logic issue was addressed with improved checks.

Other sources

Accessibility. The issue was addressed by adding additional logic.

— Apple

afclip. The issue was addressed with improved memory handling.

— Apple

CFNetwork. A denial-of-service issue was addressed with improved input validation.

— Apple

CoreAudio. The issue was addressed with improved memory handling.

— Apple

CoreMedia Playback. The issue was addressed with additional permissions checks.

— Apple

Credit

Sergei Glazunov(Google Project Zero), Ivan Fratric(Google Project Zero), Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), Martin Bajanik(Fingerprint), Ammar Askar, Jaydev Ahire, Gilad Moav, Yehuda Afek, Anat Bremler-Barr, Amit Klein, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Syarif Muhammad Sajjad, shandikri(Trend Micro Zero Day Initiative), Google V8 Security Team, Nan Wang@@eternalsakura13, Ziling Chen, HexRabbit@@h3xr4bb1t(DEVCORE Research Team), Ignacio Sanmillan@@ulexec, Clément Lecigne(Google's Threat Analysis Group), Vlad Stolyarov(Google's Threat Analysis Group), Wong Wee Xiang, Himanshu Bharti@@Xpl0itme, Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Google's Threat Analysis Group, Chi Yuan Chang(ZUSO ART), taikosoup, Gary Kwong(Trend Micro Zero Day Initiative), CVE-2025-43226, Christian Kohlschütter, Brian Carpenter, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), CVE-2025-6965

Affected Software

6 affected componentsFixes available

Apple iOS<18.6

18.6

Apple iPadOS<18.6

18.6

Apple Safari<18.6

18.6

Apple Safari<18.6

Apple iPadOS<18.6

Apple iPhone OS<18.6

Event History

Jul 29, 2025

Data Sourced

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Updated

via Apple·12:00 AM

DescriptionWeakness

CVE Published

via MITRE·11:35 PM

Data Sourced

via MITRE·11:35 PM

DescriptionWeakness

Jul 30, 2025

Updated

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Data Sourced

via NVD·12:15 AM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Frequently Asked Questions

What is the severity of CVE-2025-43228?

The severity of CVE-2025-43228 has been determined to be significant due to multiple issues that could lead to denial-of-service conditions.

How do I fix CVE-2025-43228?

To fix CVE-2025-43228, update your Apple iOS, iPadOS, or Safari to version 18.6 or later.

What are the affected products for CVE-2025-43228?

CVE-2025-43228 affects Apple iOS, iPadOS, and Safari versions up to 18.6.

What types of issues does CVE-2025-43228 address?

CVE-2025-43228 addresses logic issues, improved checks, memory handling improvements, and denial-of-service vulnerabilities.

Is CVE-2025-43228 related to accessibility?

Yes, CVE-2025-43228 includes improvements made to address accessibility-related issues.

CVE-2025-43228: Input Validation

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-43228?

How do I fix CVE-2025-43228?

What are the affected products for CVE-2025-43228?

What types of issues does CVE-2025-43228 address?

Is CVE-2025-43228 related to accessibility?

Company

Resources

Contact