CVE-2025-43356

Published Sep 15, 2025

Last updated 4 months ago

CVSS medium 6.5

Overview

Description
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent.
Source
product-security@apple.com
NVD status
Modified
Products
safari, ipados, iphone_os, macos, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-200

Social media

Hype score
Not currently trending

  1. 🚨 Unmasking #Apple's Latest Zero-Days: A Deep Dive into #CVE-2025-43356 and Proactive Defense Strategies https://t.co/vggXEXt9NV Educational Purposes!

    @UndercodeUpdate

    17 Sept 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Excited 🎉 to share that I have been credited with my 4th CVE from Apple: CVE-2025-43356. This issue was addressed in Apple’s new security releases of iOS 26, iPadOS 26, and Safari 26. #Apple #CVE #BugBounty #iOS #ApplicationSecurity #iOS26 https://t.co/CWHom5o7s2

    @cybor_j

    16 Sept 2025

    7975 Impressions

    14 Retweets

    114 Likes

    26 Bookmarks

    6 Replies

    0 Quotes

  3. CVE-2025-43356 The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26… https://t.co/t8x0nJs1Cf

    @CVEnew

    16 Sept 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  2. A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker may be able to discover a user’s deleted notes.CVE-2026-20682
  3. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.CVE-2026-20681
  4. The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.CVE-2026-20680
  5. An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.CVE-2026-20678

References

Sources include official advisories and independent security research.