AI description
CVE-2025-43200 is a vulnerability related to how Apple devices process maliciously crafted photos or videos shared via iCloud Link. A logic issue existed that could be exploited through a zero-click attack, meaning it could be triggered without any user interaction. Apple has acknowledged that this vulnerability may have been used in targeted attacks against specific individuals. The vulnerability was addressed with improved checks in iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1, released on February 10, 2025. Citizen Lab has found forensic evidence that this vulnerability was leveraged to deploy Paragon's Graphite spyware against journalists.
- Description
- This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
- Source
- product-security@apple.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 4.8
- Impact score
- 2.5
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Apple Multiple Products Unspecified Vulnerability
- Exploit added on
- Jun 16, 2025
- Exploit action due
- Jul 7, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
My latest theory for iOS Graphite Paragon's spyware CVE-2025-43200: 1. Attacker sends a pic containing an inactive payload that targets a parser (pass Blastdoor) and is saved on phone 2. Target resend the pic, passing it through the parser and exploiting it outside sandbox https
@jaybird1291
18 Jul 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 IOC: "BIGPRETZEL" 46.183.184[.]91(EDIS Global) 🚀 FREE GIVEAWAY! 🚀 I’m excited to announce FREE GIVEAWAYS For - iCloud Bypass (Activation Lock Removal) -MDM Removal (School/Work Unlock) htt
@minacrissDev_
15 Jul 2025
429 Impressions
2 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
⚠️ 𝚒𝙾𝚂 𝙲𝚅𝙴 𝚆𝚊𝚛𝚗𝚒𝚗𝚐: Current evidence indicates sophisticated state-sponsored actors are actively exploiting iPhone vulnerabilities: • Paragon’s Graphite spyware deployment through CVE-2025-43200 • Targeted attacks against journal
@DetuschePhysik
10 Jul 2025
65 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
1 Quote
Tried to investigate on iOS Graphite Paragon’s spyware CVE (CVE-2025-43200) by doing patch diffing! It’s a first time for me, don’t hesitate to text me if you find a mistake or think about an attack vector! 🤓 https://t.co/k6IO68lLyg https://t.co/dXbHLJIRqK
@jaybird1291
9 Jul 2025
521 Impressions
4 Retweets
5 Likes
2 Bookmarks
1 Reply
0 Quotes
السلام عليكم ، تكلمت عن CVE-2025-43200 الـCVE يصيب الـiPhone 👾 https://t.co/4e00xRYvmj https://t.co/Lny3PPjZQs
@0x4161
3 Jul 2025
8047 Impressions
13 Retweets
72 Likes
57 Bookmarks
4 Replies
3 Quotes
CVE-2025-43200: szpieg przez iMessage. Update iOS i Tryb blokady TERAZ ➡ https://t.co/FhqxdKSt6l #Apple #ZeroClick #Bezpieczeństwo
@PointZeroPL
24 Jun 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Paragon's Graphite 'mercenary spyware' is mitigated by CVE-2025-43200. Apple released the fix on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1.
@Sujeet
22 Jun 2025
207 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apple CVE-2025-43200: Logic flaw when processing media via iCloud Link 📸🎥 #CISA states be exploited in highly sophisticated attacks. Patch ASAP on watchOS 11.3.1, iOS 15.8.4+, macOS 13.7.4+ & more 🛡️🔒 Details: https://t.co/vcnD9WFLC4 #infosec #cybersecu
@BaseFortify
19 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple has patched a major zero-click vulnerability (CVE-2025-43200) in its Messages app, which was exploited to deliver Paragon's Graphite spyware to targeted journalists via iCloud links. The spyware, capable of full surveillance without user interaction, affected iOS, macOS h
@smart_c_intel
19 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️Vulnerabilidad de seguridad en productos Apple ❗CVE-2025-43200 ➡️Más info: https://t.co/wFUU7qYWHv https://t.co/LSAfdQcmnm
@CERTpy
18 Jun 2025
107 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CVE-2025-43200 #Apple Multiple Products Unspecified #Vulnerability https://t.co/JGTcFaUKJD
@ScyScan
18 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
csirt_it: ‼️ #Exploited: rilevato lo sfruttamento attivo della CVE-2025-43200 relativa all’app #Messages di #Apple Rischio:🔴 Tipologia 🔸Remote Code Execution 🔗https://t.co/2qZK1bu0n5 ⚠Importante aggiornare i software interessati https://t.co/kgDoL3sAT6
@Vulcanux_
17 Jun 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ #Exploited: rilevato lo sfruttamento attivo della CVE-2025-43200 relativa all’app #Messages di #Apple Rischio:🔴 Tipologia 🔸Remote Code Execution 🔗https://t.co/7h8DUD6QWs ⚠Importante aggiornare i software interessati https://t.co/X6XMZYnurc
@csirt_it
17 Jun 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple recently patched a critical zero-click vulnerability in its Messages app (CVE-2025-43200), which was actively exploited in targeted attacks against civil society members, including journalists. This flaw, now fixed in the latest updates of iOS, macOS, watchOS, and other h
@FORTBRIDGE
17 Jun 2025
58 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
iOS のゼロクリック攻撃が Graphite スパイウェアの配信に利用される (CVE-2025-43200) iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) #HelpNetSecurity (Jun 13) https://t.co/A2L3xIKnZ4
@foxbook
16 Jun 2025
213 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Attaques « zéro-clic » sur iOS utilisées pour diffuser le logiciel espion Graphite (CVE-2025-43200) - Help Net Security https://t.co/ms5AtlxSWM
@PVynckier
15 Jun 2025
130 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
Citizen Lab confirmed Paragon Solutions used Graphite spyware to target journalists via iMessage zero click exploit CVE-2025-43200. The silent hack gains root access, spying on camera, mic & data without user action. Media & rights defenders are at high risk. #CyberSecuri
@SalimRootsec
15 Jun 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📱🔓 **New Alert in #CyberSecurity!** 🌐 Zero-click attacks on iOS are on the rise! The latest threat? Graphite spyware exploiting CVE-2025-43200! 🔍📲 Protect your devices before #malware takes control. Stay informed, stay secure!
@WideWatchers
15 Jun 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patched a zero-click vulnerability (CVE-2025-43200) in its Messages app exploited to deploy Paragon's Graphite spyware, developed by an Israeli private sector offensive actor (PSOA). https://t.co/vgzkff6i1x
@WalkureARCH
14 Jun 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New zero-click iOS exploit (CVE-2025-43200) just patched in iOS 18.3.1. Used to drop Paragon spyware on journalists’ phones via nothing more than a photo or video message. No tap, no click. If you haven’t updated yet, do it now. #infosec #zeroclick #iOS https://t.co/rWN0lvD2
@jon_w_chapman
14 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. #cybersecurity https://t.co/1FrQgG8m2
@cybertzar
14 Jun 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-43200
@transilienceai
13 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apple patched a zero-click flaw (CVE-2025-43200) in iOS 18.3.1 exploited to install Paragon Graphite spyware on European journalists' iPhones. Highlights the need for swift security updates against advanced threats. 📱🔒 #iOS #Spyware #Europe https://t.co/78pdQcFbdP
@TweetThreatNews
13 Jun 2025
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) https://t.co/vENYeLqGla #HelpNetSecurity #Cybersecurity https://t.co/ySTmRwUHeB
@PoseidonTPA
13 Jun 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#iOS zero-click attacks used to deliver #Graphite #spyware (CVE-2025-43200) https://t.co/0KtTN6vB2R
@ScyScan
13 Jun 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware Apple patched CVE-2025-43200, a zero-click Messages flaw exploited to deploy Paragon’s Graphite spyware against journalists, including Ciro Pellegrino. The vulnerability, fixed in February
@dCypherIO
13 Jun 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ Paragon’s Graphite spyware exploited a zero-day iOS flaw (CVE-2025-43200) via iMessage to target journalists’ iPhones in zero-click attacks. Apple patched the vulnerability in iOS 18.3.1, urging users to update immediately to prevent espionage. Key takeaways: 🧵 h
@gossy_84
13 Jun 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Security Alert: Apple patched a zero-click flaw (CVE-2025-43200) in Messages, exploited to spy on journalists with Paragon Graphite spyware. This bug, fixed in Feb 2025 updates, let attackers infect devices via iCloud links without interaction. Logistics firms using iOS devices h
@tony3266
13 Jun 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple Quietly Patches iOS Zero-Day (CVE-2025-43200) Exploited by Israeli Spyware Targeting Journalists https://t.co/wLfY3gwThh
@the_yellow_fall
13 Jun 2025
232 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple patched a critical Messages flaw (CVE-2025-43200) exploited in zero-click attacks on European journalists by state-sponsored spyware Paragon using Graphite. Victims remained unaware of spyware. 🛡️ #AppleSecurity #ParagonSpyware #Europe https://t.co/ps4V8icRvl
@TweetThreatNews
13 Jun 2025
39 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 IOC: "BIGPRETZEL" 46.183.184[.]91(EDIS Global) https://t.co/sotqPTltvu https://t.co/hTkOd0HrIt
@blackorbird
13 Jun 2025
2388 Impressions
5 Retweets
19 Likes
11 Bookmarks
0 Replies
1 Quote
Paragon’s Graphite mercenary spyware. IOS #Forensics iMessage CVE-2025-43200 "BIGPRETZEL" https://t.co/sotqPTltvu https://t.co/TJn9Z2WneL
@blackorbird
13 Jun 2025
90 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
イスラエル企業Paragonが、iPhoneのゼロデイ脆弱性(CVE-2025-43200)を悪用し、スパイウェア「Graphite」でヨーロッパのジャーナリスト複数名を標的にしていたことが発覚 https://t.co/1rgVmv1KT8 @nikkeimatomeより
@nikkeimatome
13 Jun 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
iPhoneのゼロデイ脆弱性CVE-2025-43200を悪用してParagon社のGraphiteスパイウェアが欧州のジャーナリスト複数名に対して使用されていた。Citizen Lab報告。イタリア政府によるGraphiteの使用は既報で、同国政府はParagon社
@__kokumoto
12 Jun 2025
1251 Impressions
2 Retweets
14 Likes
5 Bookmarks
0 Replies
1 Quote
zero-click attack deployed in these cases was mitigated as of iOS 18.3.1. If you need writeup or Source code send me dm It’s still working in iOS 17 and 18.1 That's #CVE-2025-43200 for the curious. Make sure to keep your iPhones up to date. https://t.co/okywpS1qYq https:
@minacrissDev_
12 Jun 2025
642 Impressions
0 Retweets
1 Like
2 Bookmarks
0 Replies
0 Quotes
European journalists targeted with Paragon spyware via zero-click iOS attack exploiting CVE-2025-43200. Links to Graphite infrastructure raise concerns over government transparency. 🇮🇹🔍 #Spyware #Journalism #Italy https://t.co/SOxzeLZ4P0
@TweetThreatNews
12 Jun 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "307F4698-5786-4CA5-98A8-E3AAF1E7A09D",
"versionEndExcluding": "15.8.4"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9323964E-AE9A-46DB-8E97-C74E77C914E2",
"versionEndExcluding": "16.7.11",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE5060E3-0884-40C3-B9EE-B0A72B7E400F",
"versionEndExcluding": "17.7.5",
"versionStartIncluding": "17.0"
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A77F4D69-3C11-4074-A7E6-C85767F026EF",
"versionEndExcluding": "18.3.1",
"versionStartIncluding": "18.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F8A92F23-F3AF-4365-B405-70AFC1D9ECB3",
"versionEndExcluding": "15.8.4"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53A97BDC-343C-4767-BE85-21CB53EEC517",
"versionEndIncluding": "16.7.11",
"versionStartIncluding": "16.0"
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36145355-2878-4236-B2B7-ED32AEFD3862",
"versionEndIncluding": "18.3.1",
"versionStartIncluding": "17.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B4C5FF9-09CB-426B-AFE2-519E7AB7EA4F",
"versionEndExcluding": "13.7.4"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1B00E67-4EE3-49F8-9087-8C2FC95C9C6C",
"versionEndExcluding": "14.7.4",
"versionStartIncluding": "14.0"
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A4E86B3-4331-4C55-9B1F-A15A5FC88BA9",
"versionEndExcluding": "15.3.1",
"versionStartIncluding": "15.0"
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57566A2E-9B11-405D-8C46-F8FE45DA464B",
"versionEndExcluding": "2.3.1"
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F898D7BC-247F-434F-9F95-7771723C4F5C",
"versionEndExcluding": "11.3.1"
}
],
"operator": "OR"
}
]
}
]