CVE-2025-43447: Buffer Overflow
Published Nov 3, 2025
·Updated
Accessibility. A permissions issue was addressed with additional restrictions.
Credit
Ron Masas(BreakPoint), Pinak Oza, an anonymous researcher, Gergely Kalman@@gergely_kalman, Hikerell (Loadshine Lab), Zhongcheng Li(IES Red Team of ByteDance), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), iisBuri, Apple, Cristian Dinca (icmd.tech), Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Romain Lebesle(Khatima), Himanshu Bharti@@Xpl0itme(Khatima), Dalibor Milanovic, @@RenwaX23, Stanislav Jelezoglo, Aleksejs Popovs, Phil Beauvoir, Google Big Sleep, Nan Wang@@eternalsakura13, rheza@@ginggilBesel(Trend Micro Zero Day Initiative), shandikri(Trend Micro Zero Day Initiative), Gary Kwong(Trend Micro Zero Day Initiative), Justin Cohen(Google), Tom Van Goethem, JZ, Duy Trần@@khanhduytran0, pattern-f@@pattern_F_, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Kirin@@Pwnrin, Gary Kwong, rheza@@ginggilBesel, Ryan Dowd@@_rdowd, Mickey Jin@@patch1t, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), Csaba Fitzl@@theevilbit(Kandji), Wojciech Regula(SecuRing), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), Adwiteeya Agrawal, Kenneth Chew, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), @@EthanArbuckle, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, BynarIO AI (bynar.io), Google Threat Analysis Group, Doug Hogan, Asaf Cohen, KPC(Cisco Talos), CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Zhongquan Li@@Guluisacat, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Nikolai Skliarenko(Trend Micro Zero Day Initiative), an anonymous researcher(Microsoft), Kirin@@Pwnrin(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, CVE-2025-32462, CVE-2025-53906, Wang Yu(Cyberserval), @@cloudlldb, Morris Richman@@morrisinlife, Rosyna Keller(Totally Not Malicious Software), Dennis Briner, Lukaah Marlowe, Joshua Thomas, Isaiah Wan, Will Caine, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott & Richard Hyunho Im (@richeeta)@@MrPeriPeri, Mark Bowers, Joey Hewitt, Dylan Rollins, Arthur Baudoin, Andr.Ess, Mikael Kinnman, Lehan Dilusha Jayasinghe
Affected Software
9 affected componentsFixes available
Apple WatchOS<26.1
26.1
Apple visionOS<26.1
26.1
Apple macOS Tahoe<26.1
26.1
Apple iOS<26.1
26.1
Apple iPadOS<26.1
26.1
Apple iPadOS<26.1
Apple iPhone OS<26.1
Apple visionOS<26.1
Apple WatchOS<26.1
Event History
Nov 3, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Nov 4, 2025
CVE Published
via MITRE·01:17 AM
Data Sourced
via MITRE·01:17 AM
DescriptionWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43447?
CVE-2025-43447 has been rated with a severity level indicating a significant impact on accessibility and privacy concerns.
2
How do I fix CVE-2025-43447?
To fix CVE-2025-43447, update your Apple device to version 26.1 or later.
3
Which Apple products are affected by CVE-2025-43447?
CVE-2025-43447 affects Apple iOS, iPadOS, macOS Tahoe, watchOS, and visionOS versions prior to 26.1.
4
What does CVE-2025-43447 address?
CVE-2025-43447 addresses a permissions issue, a logic issue, and a privacy issue with improved checks in Apple's admin framework.
5
Is CVE-2025-43447 connected to my personal data?
CVE-2025-43447 has privacy implications that may impact the security of your personal data on affected devices.