CVE-2025-43493

Published Nov 4, 2025

Last updated a month ago

CVSS medium 4.3

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43493 is a vulnerability that could allow a malicious website to spoof the address bar. The vulnerability was addressed by implementing improved checks. The issue is fixed in iOS 26.1, iPadOS 26.1, Safari 26.1, and visionOS 26.1.

Description
The issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Visiting a malicious website may lead to address bar spoofing.
Source
product-security@apple.com
NVD status
Analyzed
Products
safari, ipados, iphone_os, visionos

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-290

Social media

Hype score
Not currently trending

  1. 2 new address bar spoofing vulnerabilities in Safari < iOS 26.1, CVE-2025-43493 and CVE-2025-43503. At this point no browser is safe and will bring my total spoofing bugs to about 100 across all the browsers. https://t.co/teGtWZSoOF

    @RenwaX23

    4 Nov 2025

    7602 Impressions

    7 Retweets

    93 Likes

    23 Bookmarks

    4 Replies

    2 Quotes

  2. CVE-2025-43493 The issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Visiting a malicious website may lead to ad… https://t.co/fSUp1EXljw

    @CVEnew

    4 Nov 2025

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.