CVE-2025-43200

Published Jun 16, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43200 is a vulnerability related to how Apple devices process maliciously crafted photos or videos shared via iCloud Link. A logic issue existed that could be exploited through a zero-click attack, meaning it could be triggered without any user interaction. Apple has acknowledged that this vulnerability may have been used in targeted attacks against specific individuals. The vulnerability was addressed with improved checks in iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1, released on February 10, 2025. Citizen Lab has found forensic evidence that this vulnerability was leveraged to deploy Paragon's Graphite spyware against journalists.

Description
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Source
product-security@apple.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.8
Impact score
2.5
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
Apple Multiple Products Unspecified Vulnerability
Exploit added on
Jun 16, 2025
Exploit action due
Jul 7, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending
  1. My latest theory for iOS Graphite Paragon's spyware CVE-2025-43200: 1. Attacker sends a pic containing an inactive payload that targets a parser (pass Blastdoor) and is saved on phone 2. Target resend the pic, passing it through the parser and exploiting it outside sandbox https

    @jaybird1291

    18 Jul 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 IOC: "BIGPRETZEL" 46.183.184[.]91(EDIS Global) 🚀 FREE GIVEAWAY! 🚀 I’m excited to announce FREE GIVEAWAYS For - iCloud Bypass (Activation Lock Removal) -MDM Removal (School/Work Unlock) htt

    @minacrissDev_

    15 Jul 2025

    429 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. ⚠️ 𝚒𝙾𝚂 𝙲𝚅𝙴 𝚆𝚊𝚛𝚗𝚒𝚗𝚐: Current evidence indicates sophisticated state-sponsored actors are actively exploiting iPhone vulnerabilities: • Paragon’s Graphite spyware deployment through CVE-2025-43200 • Targeted attacks against journal

    @DetuschePhysik

    10 Jul 2025

    65 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    1 Reply

    1 Quote

  4. Tried to investigate on iOS Graphite Paragon’s spyware CVE (CVE-2025-43200) by doing patch diffing! It’s a first time for me, don’t hesitate to text me if you find a mistake or think about an attack vector! 🤓 https://t.co/k6IO68lLyg https://t.co/dXbHLJIRqK

    @jaybird1291

    9 Jul 2025

    521 Impressions

    4 Retweets

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  5. السلام عليكم ، تكلمت عن CVE-2025-43200 الـCVE يصيب الـiPhone 👾 https://t.co/4e00xRYvmj https://t.co/Lny3PPjZQs

    @0x4161

    3 Jul 2025

    8047 Impressions

    13 Retweets

    72 Likes

    57 Bookmarks

    4 Replies

    3 Quotes

  6. CVE-2025-43200: szpieg przez iMessage. Update iOS i Tryb blokady TERAZ ➡ https://t.co/FhqxdKSt6l #Apple #ZeroClick #Bezpieczeństwo

    @PointZeroPL

    24 Jun 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Paragon's Graphite 'mercenary spyware' is mitigated by CVE-2025-43200. Apple released the fix on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1.

    @Sujeet

    22 Jun 2025

    207 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Apple CVE-2025-43200: Logic flaw when processing media via iCloud Link 📸🎥 #CISA states be exploited in highly sophisticated attacks. Patch ASAP on watchOS 11.3.1, iOS 15.8.4+, macOS 13.7.4+ & more 🛡️🔒 Details: https://t.co/vcnD9WFLC4 #infosec #cybersecu

    @BaseFortify

    19 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Apple has patched a major zero-click vulnerability (CVE-2025-43200) in its Messages app, which was exploited to deliver Paragon's Graphite spyware to targeted journalists via iCloud links. The spyware, capable of full surveillance without user interaction, affected iOS, macOS h

    @smart_c_intel

    19 Jun 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. ⚠️Vulnerabilidad de seguridad en productos Apple ❗CVE-2025-43200 ➡️Más info: https://t.co/wFUU7qYWHv https://t.co/LSAfdQcmnm

    @CERTpy

    18 Jun 2025

    107 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #CVE-2025-43200 #Apple Multiple Products Unspecified #Vulnerability https://t.co/JGTcFaUKJD

    @ScyScan

    18 Jun 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. csirt_it: ‼️ #Exploited: rilevato lo sfruttamento attivo della CVE-2025-43200 relativa all’app #Messages di #Apple Rischio:🔴 Tipologia 🔸Remote Code Execution 🔗https://t.co/2qZK1bu0n5 ⚠Importante aggiornare i software interessati https://t.co/kgDoL3sAT6

    @Vulcanux_

    17 Jun 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ‼️ #Exploited: rilevato lo sfruttamento attivo della CVE-2025-43200 relativa all’app #Messages di #Apple Rischio:🔴 Tipologia 🔸Remote Code Execution 🔗https://t.co/7h8DUD6QWs ⚠Importante aggiornare i software interessati https://t.co/X6XMZYnurc

    @csirt_it

    17 Jun 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Apple recently patched a critical zero-click vulnerability in its Messages app (CVE-2025-43200), which was actively exploited in targeted attacks against civil society members, including journalists. This flaw, now fixed in the latest updates of iOS, macOS, watchOS, and other h

    @FORTBRIDGE

    17 Jun 2025

    58 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. iOS のゼロクリック攻撃が Graphite スパイウェアの配信に利用される (CVE-2025-43200) iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) #HelpNetSecurity (Jun 13) https://t.co/A2L3xIKnZ4

    @foxbook

    16 Jun 2025

    213 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Attaques « zéro-clic » sur iOS utilisées pour diffuser le logiciel espion Graphite (CVE-2025-43200) - Help Net Security https://t.co/ms5AtlxSWM

    @PVynckier

    15 Jun 2025

    130 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Citizen Lab confirmed Paragon Solutions used Graphite spyware to target journalists via iMessage zero click exploit CVE-2025-43200. The silent hack gains root access, spying on camera, mic & data without user action. Media & rights defenders are at high risk. #CyberSecuri

    @SalimRootsec

    15 Jun 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 📱🔓 **New Alert in #CyberSecurity!** 🌐 Zero-click attacks on iOS are on the rise! The latest threat? Graphite spyware exploiting CVE-2025-43200! 🔍📲 Protect your devices before #malware takes control. Stay informed, stay secure!

    @WideWatchers

    15 Jun 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Apple patched a zero-click vulnerability (CVE-2025-43200) in its Messages app exploited to deploy Paragon's Graphite spyware, developed by an Israeli private sector offensive actor (PSOA). https://t.co/vgzkff6i1x

    @WalkureARCH

    14 Jun 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. New zero-click iOS exploit (CVE-2025-43200) just patched in iOS 18.3.1. Used to drop Paragon spyware on journalists’ phones via nothing more than a photo or video message. No tap, no click. If you haven’t updated yet, do it now. #infosec #zeroclick #iOS https://t.co/rWN0lvD2

    @jon_w_chapman

    14 Jun 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. #cybersecurity https://t.co/1FrQgG8m2

    @cybertzar

    14 Jun 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Actively exploited CVE : CVE-2025-43200

    @transilienceai

    13 Jun 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Apple patched a zero-click flaw (CVE-2025-43200) in iOS 18.3.1 exploited to install Paragon Graphite spyware on European journalists' iPhones. Highlights the need for swift security updates against advanced threats. 📱🔒 #iOS #Spyware #Europe https://t.co/78pdQcFbdP

    @TweetThreatNews

    13 Jun 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) https://t.co/vENYeLqGla #HelpNetSecurity #Cybersecurity https://t.co/ySTmRwUHeB

    @PoseidonTPA

    13 Jun 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. #iOS zero-click attacks used to deliver #Graphite #spyware (CVE-2025-43200) https://t.co/0KtTN6vB2R

    @ScyScan

    13 Jun 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware Apple patched CVE-2025-43200, a zero-click Messages flaw exploited to deploy Paragon’s Graphite spyware against journalists, including Ciro Pellegrino. The vulnerability, fixed in February

    @dCypherIO

    13 Jun 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 🗞️ Paragon’s Graphite spyware exploited a zero-day iOS flaw (CVE-2025-43200) via iMessage to target journalists’ iPhones in zero-click attacks. Apple patched the vulnerability in iOS 18.3.1, urging users to update immediately to prevent espionage. Key takeaways: 🧵 h

    @gossy_84

    13 Jun 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Security Alert: Apple patched a zero-click flaw (CVE-2025-43200) in Messages, exploited to spy on journalists with Paragon Graphite spyware. This bug, fixed in Feb 2025 updates, let attackers infect devices via iCloud links without interaction. Logistics firms using iOS devices h

    @tony3266

    13 Jun 2025

    88 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Apple Quietly Patches iOS Zero-Day (CVE-2025-43200) Exploited by Israeli Spyware Targeting Journalists https://t.co/wLfY3gwThh

    @the_yellow_fall

    13 Jun 2025

    232 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. Apple patched a critical Messages flaw (CVE-2025-43200) exploited in zero-click attacks on European journalists by state-sponsored spyware Paragon using Graphite. Victims remained unaware of spyware. 🛡️ #AppleSecurity #ParagonSpyware #Europe https://t.co/ps4V8icRvl

    @TweetThreatNews

    13 Jun 2025

    39 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 IOC: "BIGPRETZEL" 46.183.184[.]91(EDIS Global) https://t.co/sotqPTltvu https://t.co/hTkOd0HrIt

    @blackorbird

    13 Jun 2025

    2388 Impressions

    5 Retweets

    19 Likes

    11 Bookmarks

    0 Replies

    1 Quote

  32. Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 "BIGPRETZEL" https://t.co/sotqPTltvu https://t.co/TJn9Z2WneL

    @blackorbird

    13 Jun 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. イスラエル企業Paragonが、iPhoneのゼロデイ脆弱性(CVE-2025-43200)を悪用し、スパイウェア「Graphite」でヨーロッパのジャーナリスト複数名を標的にしていたことが発覚 https://t.co/1rgVmv1KT8 @nikkeimatomeより

    @nikkeimatome

    13 Jun 2025

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. iPhoneのゼロデイ脆弱性CVE-2025-43200を悪用してParagon社のGraphiteスパイウェアが欧州のジャーナリスト複数名に対して使用されていた。Citizen Lab報告。イタリア政府によるGraphiteの使用は既報で、同国政府はParagon社

    @__kokumoto

    12 Jun 2025

    1251 Impressions

    2 Retweets

    14 Likes

    5 Bookmarks

    0 Replies

    1 Quote

  35. zero-click attack deployed in these cases was mitigated as of iOS 18.3.1. If you need writeup or Source code send me dm It’s still working in iOS 17 and 18.1 That's #CVE-2025-43200 for the curious. Make sure to keep your iPhones up to date. https://t.co/okywpS1qYq https:

    @minacrissDev_

    12 Jun 2025

    642 Impressions

    0 Retweets

    1 Like

    2 Bookmarks

    0 Replies

    0 Quotes

  36. European journalists targeted with Paragon spyware via zero-click iOS attack exploiting CVE-2025-43200. Links to Graphite infrastructure raise concerns over government transparency. 🇮🇹🔍 #Spyware #Journalism #Italy https://t.co/SOxzeLZ4P0

    @TweetThreatNews

    12 Jun 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations