CVE-2025-43503

Published Nov 4, 2025

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-43503 is a user interface spoofing vulnerability affecting Apple Safari and related operating systems, including watchOS, iOS, iPadOS, and visionOS. The vulnerability stems from inconsistent state management in the browser's UI, which allows malicious websites to display deceptive interface elements. This flaw can trick users into believing they are interacting with legitimate browser or system dialogs, potentially leading to phishing attacks or unauthorized actions. The vulnerability impacts Safari versions prior to 26.1 and corresponding OS versions before 26.1. The issue was addressed by Apple with improved state management in later updates.

Description: An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing.
Source: product-security@apple.com
NVD status: Analyzed
Products: safari, ipados, iphone_os, visionos, watchos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-290

Hype score: Not currently trending

2 new address bar spoofing vulnerabilities in Safari < iOS 26.1, CVE-2025-43493 and CVE-2025-43503. At this point no browser is safe and will bring my total spoofing bugs to about 100 across all the browsers. https://t.co/teGtWZSoOF
@RenwaX23
4 Nov 2025
7602 Impressions
7 Retweets
93 Likes
23 Bookmarks
4 Replies
2 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFF118CE-3F13-43BE-B250-5579E1C842EB",
            "versionEndExcluding": "26.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8",
            "versionEndExcluding": "26.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925",
            "versionEndExcluding": "26.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610",
            "versionEndExcluding": "26.1"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568",
            "versionEndExcluding": "26.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.