CVE-2025-43455: Infoleak
Published Nov 3, 2025
·Updated
A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. A malicious app may be able to take a screenshot of sensitive information in embedded views.
Credit
Ron Masas(BreakPoint), Pinak Oza, an anonymous researcher, Gergely Kalman@@gergely_kalman, Hikerell (Loadshine Lab), Zhongcheng Li(IES Red Team of ByteDance), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), iisBuri, Apple, Cristian Dinca (icmd.tech), Dave G.(supernetworks), Alex Radocea(supernetworks), Taavi Eomäe(Zone Media), Romain Lebesle(Khatima), Himanshu Bharti@@Xpl0itme(Khatima), Dalibor Milanovic, @@RenwaX23, Stanislav Jelezoglo, Aleksejs Popovs, Phil Beauvoir, Google Big Sleep, Nan Wang@@eternalsakura13, rheza@@ginggilBesel(Trend Micro Zero Day Initiative), shandikri(Trend Micro Zero Day Initiative), Gary Kwong(Trend Micro Zero Day Initiative), Justin Cohen(Google), Tom Van Goethem, JZ, Duy Trần@@khanhduytran0, pattern-f@@pattern_F_, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Kirin@@Pwnrin, Gary Kwong, rheza@@ginggilBesel, Ryan Dowd@@_rdowd, Mickey Jin@@patch1t, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dave G. (supernetworks.org), Csaba Fitzl@@theevilbit(Kandji), Wojciech Regula(SecuRing), Kirin@@Pwnrin(Fudan University), LFY@@secsys(Fudan University), 이동하 (Lee Dong Ha(BoB 14th), wac(Trend Micro Zero Day Initiative), Adwiteeya Agrawal, Kenneth Chew, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), @@EthanArbuckle, Ferdous Saljooki@@malwarezoo(Jamf), Murray Mike, BynarIO AI (bynar.io), Google Threat Analysis Group, Doug Hogan, Asaf Cohen, KPC(Cisco Talos), CVE-2024-43398, CVE-2024-49761, CVE-2025-6442, Zhongquan Li@@Guluisacat, Vivek Dhar, ASI (RM) in Border Security Force, FTR HQ BSF Kashmir, Nikolai Skliarenko(Trend Micro Zero Day Initiative), an anonymous researcher(Microsoft), Kirin@@Pwnrin(Microsoft), Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Amy@@asentientbot, CVE-2025-32462, CVE-2025-53906, Wang Yu(Cyberserval), @@cloudlldb, Morris Richman@@morrisinlife, Rosyna Keller(Totally Not Malicious Software), Dennis Briner, Lukaah Marlowe, Joshua Thomas, Isaiah Wan, Will Caine, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott & Richard Hyunho Im (@richeeta)@@MrPeriPeri, Mark Bowers, Joey Hewitt, Dylan Rollins, Arthur Baudoin, Andr.Ess, Mikael Kinnman, Lehan Dilusha Jayasinghe
Affected Software
9 affected componentsFixes available
Apple WatchOS<26.1
26.1
Apple visionOS<26.1
26.1
Apple macOS Tahoe<26.1
26.1
Apple iOS<26.1
26.1
Apple iPadOS<26.1
26.1
Apple iPadOS<26.1
Apple iPhone OS<26.1
Apple visionOS<26.1
Apple WatchOS<26.1
Event History
Nov 3, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Nov 4, 2025
CVE Published
via MITRE·01:16 AM
Data Sourced
via MITRE·01:16 AM
DescriptionWeakness
Data Sourced
via NVD·02:15 AM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2025-43455?
CVE-2025-43455 is classified as a privacy issue that affects the security of sensitive information in embedded views.
2
How do I fix CVE-2025-43455?
To fix CVE-2025-43455, update your device to watchOS 26.1, iOS 26.1, iPadOS 26.1, or visionOS 26.1.
3
What devices are affected by CVE-2025-43455?
CVE-2025-43455 affects devices running watchOS, iOS, iPadOS, and visionOS prior to version 26.1.
4
What type of attack does CVE-2025-43455 enable?
CVE-2025-43455 may allow a malicious app to take unauthorized screenshots of sensitive information.
5
Was CVE-2025-43455 addressed in previous software versions?
CVE-2025-43455 was not addressed in previous software versions, and the fix is included only in version 26.1.