CVE-2025-43372

Published Sep 15, 2025

Last updated 24 days ago

CVSS high 7.8

Overview

Description
The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Source
product-security@apple.com
NVD status
Modified
Products
ipados, iphone_os, macos, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-20

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades en productos Apple ❗CVE-2025-43361 ❗CVE-2025-43364 ❗CVE-2025-43372 ➡️Más info: https://t.co/oxG9pdvpme https://t.co/zqJ5NQCesJ

    @CERTpy

    11 Nov 2025

    124 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🍎CVE-2025-43372 https://t.co/uvPkB6HEFR

    @gap_dev

    16 Sept 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-43372 Memory Corruption Vulnerability in Apple's Media Processi... https://t.co/t7ULXMEacj Don't wait vulnerability scanning results: https://t.co/oh1APvMMnd

    @VulmonFeeds

    16 Sept 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.CVE-2025-43264
  2. This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be able to break out of its sandbox.CVE-2025-43257
  3. An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.CVE-2025-43238
  4. A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.CVE-2025-43236
  5. The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.CVE-2025-43219

References

Sources include official advisories and independent security research.