CVE-2025-43230: Input Validation
Published Jul 29, 2025
Accessibility. A logic issue was addressed with improved checks.
Credit
Google's Threat Analysis Group, Hossein Lotfi (@hosselot) (Trend Micro Zero Day Initiative), Chi Yuan Chang (ZUSO ART), taikosoup, Gary Kwong (Trend Micro Zero Day Initiative), CVE-2025-43226, Christian Kohlschütter, Sergei Glazunov (Google Project Zero), Ivan Fratric (Google Project Zero), Vlad Stolyarov (Google's Threat Analysis Group), Michael DePlante (@izobashi) (Trend Micro Zero Day Initiative), CVE-2025-6965, Gilad Moav, Yehuda Afek, Anat Bremler-Barr, Amit Klein, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, shandikri (Trend Micro Zero Day Initiative), Google V8 Security Team, Nan Wang (@eternalsakura13), Ziling Chen, HexRabbit (@h3xr4bb1t) (DEVCORE Research Team), Ignacio Sanmillan (@ulexec), Clément Lecigne (Google's Threat Analysis Group), Andreas Jaegersberger & Ro Achterberg (Nosebeard Labs), Wong Wee Xiang, Himanshu Bharti (@Xpl0itme), Brian Carpenter, Jaydev Ahire, Mickey Jin (@patch1t), Dawuge (Shuffle Team), Tony Iskow (@Tybbow), Kirin (@Pwnrin), Wojciech Regula (SecuRing), ABC Research s.r.o., Noah Gregory (wts.dev), MRHAX, Aditya Rana, Seo Hyun-gyu (@wh1te4ever) (Xiaomi), Dora Orak (Xiaomi), Minghao Lin (@Y1nKoc) (Xiaomi), XiLong Zhang (@Resery4) (Xiaomi), noir (@ROIS), fmyy (@风沐云烟), 风沐云烟 (@binary_fmyy), Minghao Lin (@Y1nKoc), Gergely Kalman (@gergely_kalman), an anonymous researcher, 2ourc3 | Salim Largo, Anonymous (Trend Micro Zero Day Initiative), Willey Lin, Arsenii Kostromin (0x3c3e), Pyrophoria, Dora Orak, Csaba Fitzl (@theevilbit) (Kandji), Minghao Lin, Jiaxun Zhu, Zhongquan Li (@Guluisacat), Koh M. Nakagawa (@tsunek0h) (Kandji), an anonymous researcher (Loadshine Lab), Hikerell (Loadshine Lab), @zlluny, Yuebin Sun (@yuebinsun2020), Shang-De Jiang (CyCraft Technology), Kazma Ye (CyCraft Technology), Nikolai Skliarenko (Trend Micro Zero Day Initiative), Keith Yeo (@kyeojy) (Team Orca of Sea Security), Martin Bajanik (Fingerprint), Ammar Askar, Syarif Muhammad Sajjad, Martti Hütt, Jonathan Bar Or (@yo_yo_yo_jbo) (Microsoft), Ryan Dowd (@_rdowd)
Affected Software
14 affected components. Fixes available.
Apple WatchOS < 11.6 (fixed in 11.6)
Apple macOS Sequoia < 15.6 (fixed in 15.6)
Apple iOS < 18.6 (fixed in 18.6)
Apple iPadOS < 18.6 (fixed in 18.6)
Apple iPadOS < 17.7.9 (fixed in 17.7.9)
Apple tvOS < 18.6 (fixed in 18.6)
Apple visionOS < 2.6 (fixed in 2.6)
Apple iPadOS < 17.7.9
Apple iPadOS >= 18.0, < 18.6
Apple iPhone OS < 18.6
Apple macOS < 15.6
Apple tvOS < 18.6
Apple visionOS < 2.6
Apple WatchOS < 11.6
Event History
Jul 29, 2025
Data Sourced via Apple · 12:00 AM: Description, Weakness, Affected Software
Updated via Apple · 12:00 AM: Description, Weakness
Updated via Apple · 12:00 AM: Description, Weakness, Affected Software
Updated via Apple · 12:00 AM: Affected Software
CVE Published via MITRE · 11:35 PM
Data Sourced via MITRE · 11:35 PM: Description, Weakness
Jul 30, 2025
Data Sourced via NVD · 12:15 AM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-43230?
CVE-2025-43230 has a medium severity rating due to its impact on accessibility and logic issues.
2. How do I fix CVE-2025-43230?
To fix CVE-2025-43230, update your affected Apple devices to the latest available versions: iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, watchOS 11.6, tvOS 18.6, or visionOS 2.6.
3. Which Apple products are affected by CVE-2025-43230?
CVE-2025-43230 affects Apple WatchOS, macOS Sequoia, iOS, iPadOS, tvOS, and visionOS up to their specified versions.
4. What are the main issues addressed in CVE-2025-43230?
CVE-2025-43230 addresses a logic issue, improved path handling validation, and enhanced memory handling.
5. Is there a known exploitation of CVE-2025-43230?
As of the current information, there are no known active exploits pertaining to CVE-2025-43230.