CVE-2025-43398: Input Validation
Published Nov 3, 2025
·Updated
Accessibility. A permissions issue was addressed with additional restrictions.
Other sources
Admin Framework. A logic issue was addressed with improved checks.
— Apple
Admin Framework. The issue was addressed with improved checks.
— Apple
App Store. A logging issue was addressed with improved data redaction.
— Apple
Apple Account. A privacy issue was addressed with improved checks.
— Apple
Apple Neural Engine. The issue was addressed with improved memory handling.
— Apple
Credit
Ron Masas(BreakPoint), Pinak Oza, an anonymous researcher, Gergely Kalman@@gergely_kalman, Hikerell (Loadshine Lab), Zhongcheng Li(IES Red Team of ByteDance), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), iisBuri, Apple, Cristian Dinca (icmd.tech), Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Romain Lebesle(Khatima), Himanshu Bharti@@Xpl0itme(Khatima), Dalibor Milanovic, @@RenwaX23, Stanislav Jelezoglo, Aleksejs Popovs, Phil Beauvoir, Google Big Sleep, Nan Wang@@eternalsakura13, rheza@@ginggilBesel(Trend Micro Zero Day Initiative), shandikri(Trend Micro Zero Day Initiative), Gary Kwong(Trend Micro Zero Day Initiative), Justin Cohen(Google), Tom Van Goethem, Ryan Dowd@@_rdowd, Csaba Fitzl@@theevilbit(Kandji), Nolan Astrein(Kandji), Mickey Jin@@patch1t, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), JZ, Michael Reeves@@IntegralPilot, Duy Trần@@khanhduytran0, Morris Richman@@morrisinlife, 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), Adwiteeya Agrawal, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), pattern-f@@pattern_F_, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), BynarIO AI (bynar.io), Kirin@@Pwnrin, Atul R V, Asaf Cohen, CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Nikolai Skliarenko(Trend Micro Zero Day Initiative), Kirin@@Pwnrin(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Wang Yu(Cyberserval), Dennis Briner, Minghao Lin@@Y1nKoc, Lyutoon@@Lyutoon_, YingQi Shi@@Mas0n, Joshua Thomas, rheza@@ginggilBesel, Lehan Dilusha Jayasinghe, Gary Kwong, Wojciech Regula(SecuRing), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), Lukaah Marlowe, Rosyna Keller(Totally Not Malicious Software), Google Threat Analysis Group, KPC(Cisco Talos), Isaiah Wan, Will Caine, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott & Richard Hyunho Im (@richeeta)@@MrPeriPeri, Mark Bowers, Joey Hewitt, Dylan Rollins, Arthur Baudoin, Andr.Ess, Mikael Kinnman, 이동하 (Lee Dong Ha)(SSA Lab), Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), CVE-2025-6965, Kenneth Chew, Rodolphe Brunetti@@eisw0lf(Lupus Nova), @@EthanArbuckle, Doug Hogan, Zhongquan Li@@Guluisacat, an anonymous researcher(Microsoft), Amy@@asentientbot, CVE-2025-32462, CVE-2025-53906, @@cloudlldb
Affected Software
17 affected componentsFixes available
Apple WatchOS<26.1
26.1
Apple tvOS<26.1
26.1
Apple visionOS<26.1
26.1
Apple macOS Tahoe<26.1
26.1
Apple macOS Sequoia<15.7.2
15.7.2
Apple macOS Sonoma<14.8.2
14.8.2
Apple iOS<26.1
26.1
Apple iPadOS<26.1
26.1
Apple iPadOS<26.1
Apple iPhone OS<26.1
Apple macOS>=14.0<14.8.2
Apple macOS>=15.0<15.7.2
Apple tvOS<26.1
Apple visionOS<26.1
Apple WatchOS<26.1
Apple iOS<18.7.2
18.7.2
Apple iPadOS<18.7.2
18.7.2
Event History
Nov 3, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
WeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Updated
via Apple·12:00 AM
Affected Software
Nov 4, 2025
CVE Published
via MITRE·01:16 AM
Data Sourced
via MITRE·01:16 AM
DescriptionWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Nov 5, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-43455
- CVE-2025-43447
- CVE-2025-43462
- CVE-2025-43379
- CVE-2025-43448
- CVE-2025-43436
- CVE-2025-43445
- CVE-2025-43507
- CVE-2025-43400
- CVE-2025-43444
- CVE-2025-43398
- CVE-2025-43510
- CVE-2025-43520
- CVE-2025-43413
- CVE-2025-43494
- CVE-2025-43496
- CVE-2025-43294
- CVE-2025-43459
- CVE-2025-43503
- CVE-2025-43500
- CVE-2025-43480
- CVE-2025-43458
- CVE-2025-43430
- CVE-2025-43443
- CVE-2025-43440
- CVE-2025-43438
- CVE-2025-43457
- CVE-2025-43434
- CVE-2025-43435
- CVE-2025-43425
- CVE-2025-43433
- CVE-2025-43431
- CVE-2025-43432
- CVE-2025-43429
- CVE-2025-43392
- CVE-2025-43322
- CVE-2025-43337
- CVE-2025-43390
- CVE-2025-43468
- CVE-2025-43469
- CVE-2025-43378
- CVE-2025-43478
- CVE-2025-43407
- CVE-2025-43446
- CVE-2025-43361
- CVE-2025-43423
- CVE-2025-43472
- CVE-2025-43394
- CVE-2025-43395
- CVE-2025-43401
- CVE-2025-43292
- CVE-2025-43479
- CVE-2025-43382
- CVE-2025-43481
- CVE-2025-43387
- CVE-2025-43420
- CVE-2025-43498
- CVE-2025-43348
- CVE-2025-43474
- CVE-2025-43396
- CVE-2025-43383
- CVE-2025-43385
- CVE-2025-43384
- CVE-2025-43377
- CVE-2025-43389
- CVE-2025-43410
- CVE-2025-43411
- CVE-2025-43405
- CVE-2025-43391
- CVE-2024-43398
- CVE-2024-49761
- CVE-2025-6442
- CVE-2025-43335
- CVE-2025-43408
- CVE-2025-43476
- CVE-2025-30465
- CVE-2025-43414
- CVE-2025-43499
- CVE-2025-43380
- CVE-2025-43477
- CVE-2025-43399
- CVE-2025-43336
- CVE-2025-43397
- CVE-2025-43409
- CVE-2025-43334
- CVE-2025-43412
- CVE-2025-43373
- CVE-2025-43442
- CVE-2025-43450
- CVE-2025-43365
- CVE-2025-43386
- CVE-2025-43439
- CVE-2025-43493
- CVE-2025-43454
- CVE-2025-43418
- CVE-2025-43441
- CVE-2025-43495
- CVE-2025-43511
- CVE-2025-43502
- CVE-2025-43427
- CVE-2025-43421
- CVE-2025-43449
- CVE-2025-43426
- CVE-2025-43350
- CVE-2025-43437
- CVE-2025-43424
- CVE-2025-46316
- CVE-2025-43460
- CVE-2025-43422
- CVE-2025-43452
- CVE-2025-43372
- CVE-2025-43338
- CVE-2025-31199
- CVE-2025-6965
- CVE-2025-43471
- CVE-2025-46313
- CVE-2025-43388
- CVE-2025-43466
- CVE-2025-43465
- CVE-2025-43497
- CVE-2025-43461
- CVE-2025-43381
- CVE-2025-43470
- CVE-2025-46315
- CVE-2025-43464
- CVE-2025-43467
- CVE-2025-43364
- CVE-2025-43506
- CVE-2025-43508
- CVE-2025-43393
- CVE-2025-43406
- CVE-2025-43404
- CVE-2025-43339
- CVE-2025-43473
- CVE-2025-43351
- CVE-2025-43463
- CVE-2025-32462
- CVE-2025-53906
- CVE-2025-43402
Frequently Asked Questions
1
What is the severity of CVE-2025-43398?
CVE-2025-43398 has been rated with a severity level that indicates it could lead to potential unauthorized access due to permission issues.
2
How do I fix CVE-2025-43398?
To resolve CVE-2025-43398, update your affected Apple software to the latest version specified by Apple, which is 26.1 or the applicable version for your product.
3
What products are affected by CVE-2025-43398?
CVE-2025-43398 affects multiple Apple products including watchOS, tvOS, visionOS, macOS Tahoe, macOS Sequoia, macOS Sonoma, iOS, and iPadOS.
4
What types of issues does CVE-2025-43398 address?
CVE-2025-43398 addresses a permissions issue, logic issue, and a privacy issue with improved checks to enhance the security of affected products.
5
When was CVE-2025-43398 announced?
CVE-2025-43398 was announced as part of an Apple security advisory and includes fixes aimed at improving system integrity and user privacy.