CVE-2025-43400

Published Sep 29, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43400 is a vulnerability in Apple's font parser that can be triggered by processing a maliciously crafted font file. The vulnerability is an out-of-bounds write issue that can lead to unexpected application termination or corrupt process memory. The vulnerability has been addressed with improved bounds checking in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Users are advised to apply the relevant updates promptly.

Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.1, tvOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.
Source
product-security@apple.com
NVD status
Modified
Products
ipados, iphone_os, macos, visionos

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.3
Impact score
3.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-787

Social media

Hype score
Not currently trending
  1. Reported this bug to Apple weeks ago before Security Update — marked “not a security issue.” Now it’s fixed in iOS 26.0.1 (CVE-2025-43400). No credit, no payout. 🤷‍♂️ #BugBounty #iOS Thank you #Apple https://t.co/B0LGJqlCFk

    @DMehtenvie88202

    6 Oct 2025

    0 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 iOS 26.0.1 is out: bug + security fix TL;DR • Fixes Wi-Fi/Bluetooth dropouts on iPhone 17/Air • Addresses camera artifacts + cellular issues • Includes security patch (FontParser, CVE-2025-43400) — update now Technical details (for power users) • Release: Sept 29

    @mobilengineer

    5 Oct 2025

    179 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

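  3. One vulnerability was fixed, counting by CVE number. CVE-2025-43400: an out-of-bounds write flaw in the font parser. "iOS 26.0.1" and "iPadOS 26.0.1" released ~ addresses network issues and vulnerabilities, and also addresses multiple iPhone 17 issues -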

    @haeretics

    4 Oct 2025

    365 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Apple patches critical font parser flaw CVE-2025-43400 across platforms. Rising threats include Gemini AI risks, Medusa ransomware targeting Asahi, and state-backed phishing by APT35. Enforcement hits Bitcoin Queen. #Japan #GeminiAI #BitcoinQueen https://t.co/xwlrhNDbQt

    @TweetThreatNews

    1 Oct 2025

    451 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Apple has closed a malicious vulnerability in iOS/iPadOS/macOS 26.0.1 The company shared a Support document stating that a vulnerability in the FontParser function was fixed

    @aaplpro

    30 Sept 2025

    757 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🍏 Security Update for Apple OS! 🔹 A critical vulnerability (CVE-2025-43400) was found in FontParser. 🔹 A malicious font could cause unexpected app crashes or memory damage. 🔹 Apple has patched this issue in iOS / iPadOS / macOS 26.0.1 and strongly recommends updating

    @Solmeenaa

    30 Sept 2025

    186 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🍏 Security update for Apple operating systems! 🔹 A dangerous security hole (CVE-2025-43400) had been found in the font processing component, FontParser. 🔹 This bug could, with a font

    @AppleFarsii

    30 Sept 2025

    7401 Impressions

    0 Retweets

    59 Likes

    9 Bookmarks

    6 Replies

    1 Quote

  8. ⚠️ CVE-2025-43400: #Apple fixes a critical vulnerability in font processing. 🔗 https://t.co/hQ4EQ2Fxhy Update. https://t.co/8lAK96jG0V

    @sonoclaudio

    30 Sept 2025

    322 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Breaking down the patch for CVE-2025-43400, a FontParser vulnerability in the latest macOS Tahoe and iOS 26.0.1 update. The issue: A malicious font could cause an out-of-bounds write, leading to memory corruption. Let's look at the fix. 🧵

    @minacrissDev_

    30 Sept 2025

    883 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. Malicious fonts can probably be used in attacks on iPhone users. Update to iOS 18.7.1 CVE-2025-43400: "Impact: Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory"

    @Sekurak

    30 Sept 2025

    5550 Impressions

    12 Retweets

    44 Likes

    7 Bookmarks

    1 Reply

    1 Quote

  11. Apple releases iOS 26.0.1 & iPadOS 26.0.1! Fixes CVE-2025-43400 in FontParser, preventing app crashes & memory corruption with improved bounds checking. Update now to stay secure! #iOS26 #Apple #SecurityUpdate  Source: https://t.co/TJstykccmn

    @meet_cipher

    30 Sept 2025

    543 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Apple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th) https://t.co/uNM8HQ4oYV #SANS #Cybersecurity https://t.co/KsRZOH0uTv

    @PoseidonTPA

    29 Sept 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-43400 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, vision… https://t.co/ZP4kKnxrob

    @CVEnew

    29 Sept 2025

    235 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations