CVE-2025-43349: Buffer Overflow
Published Sep 15, 2025
·Updated
AirPort. A permissions issue was addressed with additional restrictions.
Credit
Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), @@zlluny(Trend Micro Zero Day Initiative), Keisuke Hosoda, Viktor Oreshkin, Mickey Jin@@patch1t, Philipp Baldauf, Nathaniel Oh@@calysteon, Dawuge(Shuffle Team), Tom Brzezinski, 정답이 아닌 해답, Jaydev Ahire, an anonymous researcher, Csaba Fitzl@@theevilbit(Kandji), Yinyi Wu@@_3ndy1(Dawn Security Lab of JD), 이동하 (Lee Dong Ha)(SSA Lab), Noah Gregory (wts.dev), CVE-2025-6965, JZ, Seo Hyun-gyu@@wh1te4ever, Luke Roberts@@rookuu, Big Bear, Ignacio Sanmillan@@ulexec, Mike Cardwell(grepular), Bob Lord, Michael Reeves@@IntegralPilot, ABC Research s.r.o., Nolan Astrein(Kandji), Zhongquan Li@@Guluisacat, Bilal Siddiqui, @@zlluny(Trend Zero Day Initiative), Wang Yu(Cyberserval), Hikerell (Loadshine Lab), Rodolphe Brunetti@@eisw0lf(Lupus Nova), LFY@@secsys(Fudan University), CVE-2025-40909, CVE-2024-27280, Ye Zhang(Baidu Security), pattern-f@@pattern_F_, @@zlluny, Justin Elliot Fu, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Google's Threat Analysis Group, Minghao Lin@@Y1nKoc, 风 (binaryfmyy), BochengXiang@@Crispr, YingQi Shi@@Mas0nShi, Dora Orak, Mickey Jin@@patch1t(Fudan University), Kirin@@Pwnrin(Fudan University), Zhongcheng Li(IES Red Team of ByteDance), Kirin@@Pwnrin(Computer Science), Cristian Dinca(Computer Science), Romania, Nikita Sakalouski, Rosyna Keller(Totally Not Malicious Software), Guilherme Rambo(Best Buddy Apps), Lyutoon@@Lyutoon_, YingQi Shi@@Mas0n, Abhay Kailasia@@abhay_kailasia(C), KPC(Cisco Talos), Evan Waelde, Richard Hyunho Im@@richeeta, Pawel Wylecial(REDTEAM), Shantanu Thakur, Anonymous(Trend Micro Zero Day Initiative), Yiğit Can YILMAZ@@yilmazcanyigit, Ye Zhang@@VAR10CK(Baidu Security), Gergely Kalman@@gergely_kalman, Kirin@@Pwnrin, @@RenwaX23, Ferdous Saljooki@@malwarezoo(Jamf), Pyrophoria(GrapheneOS), an anonymous researcher(GrapheneOS), James J Kalafus, Michel Migdal, ken super, Mickey Jin@@patch1t(Cisco Talos), Kirin@@Pwnrin(Cisco Talos), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos)
Affected Software
17 affected componentsFixes available
Apple macOS Tahoe<26
26
Apple tvOS<26
26
Apple iOS<26
26
Apple iPadOS<26
26
Apple macOS Sonoma<14.8
14.8
Apple WatchOS<26
26
Apple visionOS<26
26
Apple macOS Sequoia<15.7
15.7
Apple iOS<18.7
18.7
Apple iPadOS<18.7
18.7
Apple iPadOS<18.7
Apple iPhone OS<18.7
Apple macOS>=14.0<14.8
Apple macOS>=15.0<15.7
Apple tvOS<26.0
Apple visionOS<26.0
Apple WatchOS<26.0
Event History
Sep 15, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
CVE Published
via MITRE·10:35 PM
Data Sourced
via MITRE·10:35 PM
DescriptionWeakness
Data Sourced
via NVD·11:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43349?
CVE-2025-43349 has been classified with a high severity due to critical permissions issues and buffer overflow vulnerabilities.
2
How do I fix CVE-2025-43349?
To fix CVE-2025-43349, users should update their affected Apple devices to the latest versions available as per the vendor's recommendations.
3
Which versions of macOS are affected by CVE-2025-43349?
CVE-2025-43349 affects macOS Tahoe up to version 26, as well as macOS Sonoma up to version 14.8.
4
What devices are impacted by CVE-2025-43349?
CVE-2025-43349 impacts multiple Apple devices including Macs, iPhones, iPads, Apple Watch, and Apple TV running the specified affected versions.
5
What are the risks associated with CVE-2025-43349?
The risks associated with CVE-2025-43349 include potential unauthorized access, data corruption, and the ability for malicious services to execute on affected devices.