CVE-2025-43438

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/125633

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

05 Nov 2025, 19:15

Type	Values Removed	Values Added
Summary	(en) A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.	(en) A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References	~~{'url': 'https://support.apple.com/en-us/125632', 'tags': ['Vendor Advisory', 'Release Notes'], 'source': 'product-security@apple.com'}~~ ~~{'url': 'https://support.apple.com/en-us/125638', 'tags': ['Vendor Advisory', 'Release Notes'], 'source': 'product-security@apple.com'}~~ ~~{'url': 'https://support.apple.com/en-us/125639', 'tags': ['Vendor Advisory', 'Release Notes'], 'source': 'product-security@apple.com'}~~ ~~{'url': 'https://support.apple.com/en-us/125640', 'tags': ['Vendor Advisory', 'Release Notes'], 'source': 'product-security@apple.com'}~~	() https://support.apple.com/en-us/125633 -

04 Nov 2025, 19:05

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:ipados::::::::
First Time		Apple visionos Apple safari Apple Apple iphone Os Apple ipados Apple watchos
References	~~() https://support.apple.com/en-us/125632 -~~	() https://support.apple.com/en-us/125632 - Vendor Advisory, Release Notes
References	~~() https://support.apple.com/en-us/125638 -~~	() https://support.apple.com/en-us/125638 - Vendor Advisory, Release Notes
References	~~() https://support.apple.com/en-us/125639 -~~	() https://support.apple.com/en-us/125639 - Vendor Advisory, Release Notes
References	~~() https://support.apple.com/en-us/125640 -~~	() https://support.apple.com/en-us/125640 - Vendor Advisory, Release Notes

04 Nov 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3

04 Nov 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-11-04 02:15

Updated : 2025-11-05 19:15

NVD link : CVE-2025-43438

Mitre link : CVE-2025-43438

CVE.ORG link : CVE-2025-43438

JSON object : View

Products Affected

apple

ipados
safari
watchos
iphone_os
visionos

CWE

CWE-416

Use After Free

4.3 /10