CVE-2025-43300

Published Aug 21, 2025

Last updated a month ago

Exploit known CVSS critical 10.0

Apple

iOS

hsm

Mobile device

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43300 is an out-of-bounds write vulnerability that exists within Apple's Image I/O framework. The vulnerability can be triggered when a device processes a maliciously crafted image file, which can lead to memory corruption. Successful exploitation of this vulnerability can occur when a program writes data outside of an allocated memory buffer. This can result in the program crashing, data corruption, or potentially remote code execution. Apple has addressed this issue with improved bounds checking in multiple operating systems, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Source: product-security@apple.com
NVD status: Analyzed
Products: ipados, iphone_os, macos

Insights

Analysis from the Intruder Security Team

Published Aug 26, 2025 Updated Aug 26, 2025

Researchers have been analysing the patch and have been able to trigger the crash within the iOS JPEG lossless decompression within RawCamera.bundle. Some git repositories with the results of their analysis have been made public here and here.

According to Apple, this issue has been "exploited in an extremely sophisticated attack against specific targeted individuals". A vulnerability of this nature takes significant resources to develop. As such, this is extremely valuable to threat actors where some vulnerability brokers would pay up to $15 million for a working proof-of-concept for this type of attack. Therefore we can assume widespread exploitation has not happened, but with the progress researchers have been making it will only be a matter of time before that happens. Patches should be applied immediately.

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Exploit added on: Aug 21, 2025
Exploit action due: Sep 11, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CBDB9319-770B-401B-8D7E-40BB6E370446",
            "versionEndExcluding": "15.8.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9BD176E0-E5C8-4009-A214-B8C9AFA59934",
            "versionEndExcluding": "16.7.12",
            "versionStartIncluding": "16.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "627AF492-F9C4-4371-A223-D60CC5B6B62F",
            "versionEndExcluding": "17.7.10",
            "versionStartIncluding": "17.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E640930D-FE94-4B16-9512-9E95091644E5",
            "versionEndExcluding": "18.6.2",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E1F99051-EE84-4D7D-8042-688337134F24",
            "versionEndExcluding": "15.8.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D79D2C71-2062-4D9E-8E3C-23C00CEE6226",
            "versionEndExcluding": "16.7.12",
            "versionStartIncluding": "16.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F0A2EB6F-B8DC-431A-8D79-9B333FFEC6F7",
            "versionEndExcluding": "18.6.2",
            "versionStartIncluding": "17.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "258926FE-693C-4212-AC37-CB84E541DB00",
            "versionEndExcluding": "13.7.8",
            "versionStartIncluding": "13.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0FF9BBB9-6308-4730-AC66-90A7F6925B46",
            "versionEndExcluding": "14.7.8",
            "versionStartIncluding": "14.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "79B1205D-7176-41CD-BC7F-2F28D6D31935",
            "versionEndExcluding": "15.6.1",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.