CVE-2025-43356

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43356
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/125108 Release Notes Vendor Advisory
https://support.apple.com/en-us/125109 Release Notes Vendor Advisory
https://support.apple.com/en-us/125110 Release Notes Vendor Advisory
https://support.apple.com/en-us/125113 Release Notes Vendor Advisory
https://support.apple.com/en-us/125114 Release Notes Vendor Advisory
https://support.apple.com/en-us/125115 Release Notes Vendor Advisory
https://support.apple.com/en-us/125116 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

17 Sep 2025, 14:04

Type Values Removed Values Added
First Time Apple macos
Apple ipados
Apple visionos
Apple tvos
Apple safari
Apple
Apple watchos
Apple iphone Os
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/125108 - () https://support.apple.com/en-us/125108 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125109 - () https://support.apple.com/en-us/125109 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125110 - () https://support.apple.com/en-us/125110 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125113 - () https://support.apple.com/en-us/125113 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125114 - () https://support.apple.com/en-us/125114 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125115 - () https://support.apple.com/en-us/125115 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/125116 - () https://support.apple.com/en-us/125116 - Release Notes, Vendor Advisory

16 Sep 2025, 18:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
CWE CWE-200

15 Sep 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-15 23:15

Updated : 2025-09-17 14:04

NVD link : CVE-2025-43356

Mitre link : CVE-2025-43356

CVE.ORG link : CVE-2025-43356

JSON object : View

Products Affected

apple

  • safari
  • tvos
  • ipados
  • iphone_os
  • visionos
  • watchos
  • macos
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor