CVE-2025-43432

Published Nov 4, 2025

Last updated 24 days ago

CVSS medium 4.3

Overview

Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Source
product-security@apple.com
NVD status
Modified
Products
safari, ipados, iphone_os, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score
Not currently trending

  1. Three vulnerabilities fixed in macOS Tahoe 26.1: https://t.co/TitY8KUoT3 Webkit (JavaScriptCore): CVE-2025-43457: UAF vulnerability during DFG CSE phase graph node substitution CVE-2025-43432: UAF vulnerability during WASM function parsing CoreText: CVE-2025-43445: OOB access

    @hosselot

    10 Dec 2025

    2856 Impressions

    3 Retweets

    26 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  2. 🔴USN-7914-1 - WebKitGTK CVEs Enable Browser Code Execution Ubuntu patched seven critical WebKitGTK vulnerabilities enabling arbitrary code execution via malicious web content. CVE-2025-43432 through CVE-2025-43392 span use-after-free bugs, memory corruption, and type confusi

    @the_c_protocol

    9 Dec 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Apple Safari JavaScriptCore Wasm Function Parsing Use-After-Free Remote Code Execution Vulnerability (CVE-2025-43432) #Apple #AppleSafari #CVE202543432 #CyberSecurity #RemoteCodeExecutionVulnerability https://t.co/PqV1Y9FQkS https://t.co/5QxoOVejc2

    @SystemTek_UK

    17 Nov 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Apple Security Update - November 4, 2025 Apple just dropped patches for 50 vulnerabilities across macOS, iOS, iPadOS, Safari, watchOS, tvOS, and visionOS. WebKit Crashes Everywhere   - Multiple use-after-free issues in Safari/WebKit (CVE-2025-43432, CVE-2025-43435,

    @gothburz

    4 Nov 2025

    424 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.CVE-2025-43210
  2. This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6. Processing a file may lead to memory corruption.CVE-2025-43202
  3. The issue was addressed with improved checks. This issue is fixed in iOS 26.4 and iPadOS 26.4. An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode.CVE-2026-28895
  4. A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.CVE-2026-28894
  5. A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A user in a privileged network position may be able to cause a denial-of-service.CVE-2026-28886

References

Sources include official advisories and independent security research.