CVE-2025-43300
Published Aug 21, 2025
Last updated 4 months ago
- Description: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
- Source: product-security@apple.com
- NVD status: Analyzed
- Products: ipados, iphone_os, macos
CVSS 3.1
- Type: Secondary
- Base score: 10
- Impact score: 6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
- Exploit added on: Aug 21, 2025
- Exploit action due: Sep 11, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-787
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-3094 2 - CVE-2025-43300 3 - CVE-2026-2796 4 - CVE-2026-1602 5 - CVE-2025-11411 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
11 Mar 2026
213 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter - Quarkslab's blog https://t.co/l2HZCDk0HY
@akaclandestine
10 Mar 2026
4568 Impressions
9 Retweets
69 Likes
39 Bookmarks
0 Replies
0 Quotes
Researchers published a patch analysis of the CVE-2025-43300 vulnerability in Apple iOS, identifying changes in memory handling within system components that could allow memory corruption and code execution under certain conditions. The study
@tpx_Security
10 Mar 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
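The absence of a single line of code allowed the iPhone (WhatsApp and iMessage) to be hacked with just an image! 🫢💻 The dangerous CVE-2025-43300 vulnerability is of the zero-click type; it does not require clicking a link or opening a file, as soon as the images arrive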
@alghali
10 Mar 2026
35141 Impressions
12 Retweets
191 Likes
187 Bookmarks
7 Replies
0 Quotes
Zero-Click iPhone Hack via WhatsApp Images : Quarkslab blog post analyzing the patch for Apple's iOS CVE-2025-43300 (a zero-click vulnerability in ImageIO via malformed DNG images, potentially exploitable through apps like WhatsApp) https://t.co/pmJsD2l8VN
@Hermes_tooll
13 Feb 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-43300 2 - CVE-2026-20952 3 - CVE-2026-25253 4 - CVE-2025-26399 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
9 Feb 2026
134 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apple's iOS CVE-2025-43300 (a zero-click vulnerability in ImageIO via malformed DNG images, potentially exploitable through apps like WhatsApp) Fascinating patch analysis: Incredible how just 2 bytes patched CVE-2025-43300, a zero-click out-of- https://t.co/xOGvxl6dnO
@hermes_tool1
9 Feb 2026
9567 Impressions
11 Retweets
132 Likes
63 Bookmarks
1 Reply
0 Quotes
Quarkslab deep-dive: Patch analysis of iOS CVE-2025-43300 (ImageIO OOB write via malicious DNG). Chained with WhatsApp CVE-2025-55177 for zero-click RCE. Just a few bounds checks fixed it—update iOS/macOS now. #CyberSec #ZeroDay #cracksinthesystem #learn from the best https://t
@exc_actual
23 Jan 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. 🕵️♂️ Scammers chained it with a WhatsApp flaw to tar
@Ethical_Hack022
22 Jan 2026
3 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Zero-Click iPhone Hack via WhatsApp Images : Quarkslab's blog post analyzes the patch for Apple's iOS CVE-2025-43300, a zero-click vulnerability in ImageIO that could be exploited through malformed DNG images, potentially affecting applications like WhatsApp. Interesting patch
@ZeeJailbreak
22 Jan 2026
5194 Impressions
12 Retweets
87 Likes
40 Bookmarks
0 Replies
0 Quotes
Apple has recently released emergency security updates for critical zero-day vulnerabilities (tracked as CVE-2025-43300 and others). Make sure to stay up-to-date and install latest updates to stay secure. #iPhone #TechNews
@HelloCyberBrain
20 Jan 2026
0 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
iOS 18.6.1, iOS 18.6.2 - iOS 0-click CVE-2025-43300 Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter The vulnerability seems to be located in the ImageIO.framework. Frameworks and functionalities are implemented https://t.co/NqtSHhGXJw
@hermes_tool1
20 Jan 2026
5405 Impressions
14 Retweets
94 Likes
33 Bookmarks
1 Reply
0 Quotes
iOS 18.6.1, iOS 18.6.2 - iOS 0-click CVE-2025-43300 Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter The vulnerability seems to be located in the ImageIO.framework. Frameworks and functionalities are implemented into multiple files Learn
@ZeeJailbreak
20 Jan 2026
5245 Impressions
6 Retweets
61 Likes
20 Bookmarks
0 Replies
1 Quote
Zero-Click iPhone Hack via WhatsApp Images : Quarkslab blog post analyzing the patch for Apple's iOS CVE-2025-43300 (a zero-click vulnerability in ImageIO via malformed DNG images, potentially exploitable through apps like WhatsApp) https://t.co/NqtSHhGXJw https://t.co/JMAysoI
@hermes_tool1
20 Jan 2026
2139 Impressions
13 Retweets
59 Likes
22 Bookmarks
0 Replies
0 Quotes
Zero-Click iPhone Hack via WhatsApp Images : Quarkslab blog post analyzing the patch for Apple's iOS CVE-2025-43300 (a zero-click vulnerability in ImageIO via malformed DNG images, potentially exploitable through apps like WhatsApp) Fascinating patch analysis: Incredible how h
@0x0SojalSec
19 Jan 2026
95458 Impressions
114 Retweets
613 Likes
386 Bookmarks
3 Replies
9 Quotes
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. 🕵️♂️ Scammers chained it with a WhatsApp flaw to tar
@Ethical_Hack022
18 Jan 2026
87 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. 🕵️♂️ Scammers chained it with a WhatsApp flaw
@Ledgertrace_inc
17 Jan 2026
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS s... https://t.co/ybeyeHRyxW
@SecurityAid
11 Jan 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DNGerousLINK: A Deep Dive into #WhatsApp #0_Click #Exploits on #iOS and #Samsung Devices (CVE-2025-55177, CVE-2025-43300) https://t.co/ZpEcPdXE6q https://t.co/mTqLNsdLa8
@omvapt
7 Jan 2026
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (CVE-2025-55177, CVE-2025-43300) https://t.co/3LT0TCgYdL
@HackingTeam777
30 Dec 2025
1201 Impressions
2 Retweets
7 Likes
5 Bookmarks
0 Replies
0 Quotes
https://t.co/VVhvTl6dZS recent CVE-2025-43300 @Cyberdost flaw in Apple devices, everyone needs to update WhatsApp and Apple
@balajisharathk1
10 Dec 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
(CVE-2025-21075, similar to CVE-2025-43300 in Apple's RawImage DNG decoder)[Samsung][DNG]QuramDng invalid LossyJpeg component assumption -> OOBW https://t.co/jTCQemHHlW Reported by Brendon Tiszka(https://t.co/RrgNOJhx7i)
@xvonfers
4 Dec 2025
3617 Impressions
4 Retweets
34 Likes
13 Bookmarks
1 Reply
1 Quote
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@minacrissDev_
4 Nov 2025
339 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Founder of OneKey: Update your software on iOS and macOS to the latest version (❗️) as soon as possible – Apple has discovered a critical zero-day vulnerability. CVE-2025-43300 is already being actively exploited by hackers: it’s enough to open a specially crafted image
@RolfecryptoSig
25 Oct 2025
3 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[Research] ImageIO: iOS/macOS DNG Image Processing Memory Corruption (en) This post summarizes CVE-2025-43300, an OOB write in ImageIO’s DNG lossless decoder. I cover dyld cache diffs, the vulnerable CDNGLosslessJpegUnpacker path, and the patch (CMPhoto/CVPixelBuffer + size ht
@hackyboiz
23 Oct 2025
6872 Impressions
16 Retweets
78 Likes
39 Bookmarks
0 Replies
1 Quote
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. https://t.co/MsCNUvDR0q
@carlcyber1
21 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The National Computer Emergency Response Team (NCERT) has alerted about a serious security flaw found in Apple’s ImageIO framework, identified as CVE-2025-43300. Read story: https://t.co/Aet9liI5rd #iphones #filesecurity
@theasianmirror3
20 Oct 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. 🕵️♂️ Scammers chained it with a WhatsApp flaw
@LegitHackserver
13 Oct 2025
13 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Contact us for assistance #BTC #ETH #BNB #MOON #HarvestMoon #NEAR #MeteorWallet #Meteor SBNB #XRP #SOL RECOVER...Apple backports a critical fix for CVE-2025-43300—already used in a sophisticated spyware attack. 🕵️♂️ Scammers chained it with a WhatsApp flaw to targe
@Shadows_hacker
13 Oct 2025
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp has a dangerous 0-click vulnerability ("no need to click on anything") on Apple devices (iPhone, iPad, Mac): researchers from the DarkNavyOrg group showed a way to exploit two vulnerabilities, CVE-2025-55177 and CVE-2025-43300, via
@cyber_shockry
11 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 Critical zero-click vulnerability (CVE-2025-55177) within WhatsApp has been leveraged in targeted spyware operations, in conjunction with an Apple ImageIO flaw (CVE-2025-43300). https://t.co/r4LJmGQBz1
@AiKalki
6 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ALERT: WhatsApp 0-Click Vulnerability CVE-2025-55177 & CVE-2025-43300 https://t.co/QGsPiOcXwm
@WMJenny24
5 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
The warning from the Cybersecurity Directorate at the Ministry of Interior about the WhatsApp “Zero Click” vulnerability came a full month late, after it was fixed (CVE-2025-55177 and CVE-2025-43300). WhatsApp fixed it in the month of
@fadhil79
3 Oct 2025
5407 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar from https://t.co/8RzyA4nEyg: CVE-2024-3400 (@stevenadair) CVE-2025-24132 CVE-2025-43300 CVE-2025-5777 CVE-2025-55177 CVE-2023-34044 (@pr0Ln) CVE-2023-20870 CVE-2025-10035 CVE-2025-20333 https://t.co/Z18UZ0WhOF
@ptdbugs
3 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-43300
@transilienceai
1 Oct 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🕵♂WhatsApp: 0-Click RCE via malicious DNG • Researchers published a PoC that combines two vulnerabilities (CVE-2025-55177 and CVE-2025-43300), allowing remote execution without interaction on iOS/macOS/iPadOS. • The exploit is delivered via a malformed DNG file
@HackingTeam777
30 Sept 2025
9238 Impressions
51 Retweets
219 Likes
112 Bookmarks
2 Replies
2 Quotes
🚨 CVE-2025-55177 & CVE-2025-43300: WhatsApp 0-Click Crash CVE-2025-43300 GitHub: https://t.co/hmBnaQ0yxK https://t.co/Z69ge6FzNx
@DarkWebInformer
30 Sept 2025
8255 Impressions
24 Retweets
118 Likes
62 Bookmarks
1 Reply
0 Quotes
CVE-2025-43300 Test Does the web browser support dng on PS5 PS4 https://t.co/wJoU9rJHt6 https://t.co/28PWB3AYN8
@master_s9
30 Sept 2025
3930 Impressions
6 Retweets
44 Likes
6 Bookmarks
14 Replies
1 Quote
🚨 Zero-click RCE in WhatsApp: A malicious DNG image can exploit Apple devices (iOS/macOS/iPadOS) via CVE-2025-55177 & CVE-2025-43300. PoC shows a compromise on receipt with no user action. Patch ASAP; avoid unexpected media. #cybersecurity #WhatsApp https://t.co/kHZLjqtrRr
@AJTheTech
29 Sept 2025
165 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A 0-click vulnerability in WhatsApp on iOS/macOS/iPadOS is exploited via a malicious DNG file (CVE-2025-55177 & CVE-2025-43300) 🐞📸. A PoC from DarkNavyOrg researchers shows remote code execution without interaction; it may allow takeover
@Infoandtech3
29 Sept 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@minacrissDev_
29 Sept 2025
2208 Impressions
1 Retweet
27 Likes
13 Bookmarks
0 Replies
0 Quotes
BREAKING: WhatsApp zero-click vuln (CVE-2025-55177 & CVE-2025-43300) exploited via malicious DNG files, enabling RCE on iOS/macOS/iPadOS. No user interaction needed! Patch now. Source: @The_Cyber_News https://t.co/osGMrTK9dw #CyberSec #WhatsApp
@meet_cipher
29 Sept 2025
1443 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
1 Quote
Actively exploited CVE : CVE-2025-43300
@transilienceai
29 Sept 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Triggered WhatsApp 0-click on iOS/macOS/iPadOS CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing https:
@zeeshankghouri
29 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The DarkNavy group announced the exploitation of a 0-click vulnerability in WhatsApp, linked to CVE-2025-55177 and CVE-2025-43300 through flaws in validation and DNG parsing. They are also investigating a Samsung CVE (2025-21043). https://t.co/1MO3mN9Px7
@tpx_Security
29 Sept 2025
256 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@DarkNavyOrg
28 Sept 2025
73783 Impressions
138 Retweets
640 Likes
316 Bookmarks
6 Replies
12 Quotes
While reproducing the iOS ITW CVE-2025-43300 (https://t.co/xTk39FuOSi), we accidentally triggered another old DNG image parsing vulnerability. The analysis is still ongoing. https://t.co/mn04P5uu8d
@minacrissDev_
24 Sept 2025
1652 Impressions
1 Retweet
14 Likes
6 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-43300
@transilienceai
24 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix,
@minacrissDev_
21 Sept 2025
1263 Impressions
0 Retweets
7 Likes
4 Bookmarks
0 Replies
0 Quotes
Apple has released the necessary patch for the vulnerability identified as CVE-2025-43300, which had been published for older iPhones and iPads. This vulnerability is of the memory corruption type and leads to the execution of
@AmirHossein_sec
18 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CBDB9319-770B-401B-8D7E-40BB6E370446",
            "versionEndExcluding": "15.8.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9BD176E0-E5C8-4009-A214-B8C9AFA59934",
            "versionEndExcluding": "16.7.12",
            "versionStartIncluding": "16.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E640930D-FE94-4B16-9512-9E95091644E5",
            "versionEndExcluding": "18.6.2",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E1F99051-EE84-4D7D-8042-688337134F24",
            "versionEndExcluding": "15.8.5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D79D2C71-2062-4D9E-8E3C-23C00CEE6226",
            "versionEndExcluding": "16.7.12",
            "versionStartIncluding": "16.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "31536890-ADCB-49F4-AEAA-A10FC40D4881",
            "versionEndExcluding": "18.6.2",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1B590C13-CEA2-44D3-8C0A-B15A61F424AB",
            "versionEndExcluding": "13.7.8",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]