CVE-2025-43272: Input Validation
Published Sep 15, 2025
AirPort. A permissions issue was addressed with additional restrictions.
Credit
Joey Hewitt, an anonymous researcher, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott & Richard Hyunho Im (@richeeta) @MrPeriPeri, Mark Bowers, Dylan Rollins, Arthur Baudoin, Andr.Ess, Jaydev Ahire, Big Bear, Pawel Wylecial (REDTEAM), Csaba Fitzl @theevilbit (Kandji), Yinyi Wu @_3ndy1 (Dawn Security Lab of JD), @zlluny (Trend Micro Zero Day Initiative), 이동하 (Lee Dong Ha) (SSA Lab), Keisuke Hosoda, Viktor Oreshkin, Mickey Jin @patch1t, Dawuge (Shuffle Team), Noah Gregory (wts.dev), CVE-2025-6965, JZ, Seo Hyun-gyu @wh1te4ever, Luke Roberts @rookuu, Ignacio Sanmillan @ulexec, Mike Cardwell (grepular), Bob Lord, Michael Reeves @IntegralPilot, Hossein Lotfi @hosselot (Trend Micro Zero Day Initiative), @RenwaX23, Evan Waelde, Nikita Sakalouski, Rosyna Keller (Totally Not Malicious Software), Guilherme Rambo (Best Buddy Apps), Philipp Baldauf, Minghao Lin @Y1nKoc, Lyutoon @Lyutoon_, YingQi Shi @Mas0n, Tom Brzezinski, Abhay Kailasia @abhay_kailasia (C), KPC (Cisco Talos), 정답이 아닌 해답, Richard Hyunho Im @richeeta, Zhongquan Li @Guluisacat, Bilal Siddiqui, Nolan Astrein (Kandji), Shantanu Thakur, Wang Yu (Cyberserval), Anonymous (Trend Micro Zero Day Initiative), Yiğit Can YILMAZ @yilmazcanyigit, Ye Zhang @VAR10CK (Baidu Security), Nathaniel Oh @calysteon, Gergely Kalman @gergely_kalman, Hikerell (Loadshine Lab), Rodolphe Brunetti @eisw0lf (Lupus Nova), Kirin @Pwnrin, LFY @secsys (Fudan University), CVE-2025-40909, Zhongcheng Li (IES Red Team of ByteDance), @zlluny, CVE-2024-27280, Ye Zhang (Baidu Security), pattern-f @pattern_F_, Kirin @Pwnrin (Computer Science), Cristian Dinca (Computer Science), Romania, Ferdous Saljooki @malwarezoo (Jamf), Justin Elliot Fu, Pyrophoria (GrapheneOS), an anonymous researcher (GrapheneOS), James J Kalafus, Michel Migdal, ken super, ABC Research s.r.o., Mickey Jin @patch1t (Cisco Talos), Kirin @Pwnrin (Cisco Talos), Claudio Bozzato (Cisco Talos), Francesco Benvenuto (Cisco Talos), Rodolphe BRUNETTI @eisw0lf (Lupus Nova)
Affected Software
12 affected components. Fixes available.
Apple macOS Tahoe <26, fixed in 26
Apple iOS <26, fixed in 26
Apple iPadOS <26, fixed in 26
Apple WatchOS <26, fixed in 26
Apple visionOS <26, fixed in 26
Apple Safari <26, fixed in 26
Apple Safari <26.0
Apple iPadOS <26.0
Apple iPhone OS <26.0
Apple macOS <26.0
Apple visionOS <26.0
Apple WatchOS <26.0
Event History
Sep 15, 2025
Data Sourced, via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated, via Apple, 12:00 AM: Description, Weakness, Affected Software
Updated, via Apple, 12:00 AM: Description, Weakness
CVE Published, via MITRE, 10:34 PM
Data Sourced, via MITRE, 10:34 PM: Description, Weakness
Data Sourced, via NVD, 11:15 PM: Description, Severity, Weakness, Affected Software
Sep 23, 2025
Data Sourced, via Red Hat, 02:21 PM: Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-43272?
CVE-2025-43272 has been classified with a high severity rating due to its potential impact on user security.
2. How do I fix CVE-2025-43272?
To fix CVE-2025-43272, users should update their devices to the latest version of macOS Tahoe, iOS, iPadOS, watchOS, or visionOS, as applicable.
3. What types of vulnerabilities does CVE-2025-43272 address?
CVE-2025-43272 addresses a buffer overflow issue, permissions issue, and out-of-bounds access issue.
4. Which Apple products are affected by CVE-2025-43272?
CVE-2025-43272 affects macOS Tahoe, iOS, iPadOS, watchOS, and visionOS, in all versions before 26.
5. Is CVE-2025-43272 actively being exploited?
As of the latest information, there are no confirmed reports of active exploitation of CVE-2025-43272.