CVE-2025-43510
Published Dec 12, 2025
Last updated 3 months ago
AI description
CVE-2025-43510 is identified as a memory corruption issue or a race condition vulnerability affecting multiple Apple operating systems, including watchOS, iOS, iPadOS, macOS (Tahoe, Sonoma, Sequoia), visionOS, and tvOS, across various versions. This flaw stems from insufficient lock state checking within the kernel's inter-process communication (IPC) or shared memory management subsystems. A malicious application can exploit CVE-2025-43510 to cause unexpected changes in memory shared between processes. This manipulation can lead to critical data corruption and unexpected system behavior. The vulnerability has been associated with the "DarkSword" exploit chain, which can be used by local attackers to achieve privilege escalation and sandbox escapes. Apple has addressed this issue in specific updated versions of the affected software.
- Description
- A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- ipados, iphone_os, macos, tvos, visionos, watchos
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Apple Multiple Products Improper Locking Vulnerability
- Exploit added on
- Mar 20, 2026
- Exploit action due
- Apr 3, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-667
- Hype score
- Not currently trending
🚨 CVE-2025-43510 — now actively exploited in the wild (CISA KEV). A memory corruption issue was addressed with improved lock state… Risk 50/100 · EPSS 0% · CVSS 7.8. Patch or mitigate now — attackers are already using it. https://t.co/bfdjwKRSz7 #KEV #CVE #ActivelyEx
@BytesNora
7 Jul 2026
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DarkSword #iOS #Exploit Chain — Six-Stage Nuclear Exploit Kit Exploit Chain: CVE-2025-31277 → CVE-2026-20700 → CVE-2025-14174 → CVE-2025-43510 → CVE-2025-43520 Target: iOS 18.4 - 18.7 (#Safari/#WebKit) Effect: Full device compromise from one click (watering hole)
@YogSoth0
28 Jun 2026
10985 Impressions
23 Retweets
146 Likes
58 Bookmarks
4 Replies
1 Quote
3 Apple CVEs hit the CISA KEV this week — all actively exploited: CVE-2025-31277 (memory corruption) CVE-2025-43510 (DoS) CVE-2025-43520 (buffer overflow) iOS, macOS, watchOS, visionOS affected. Update everything. Today. #Apple #AppSec
@cveriskpilot
27 Mar 2026
127 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Alerte CISA : Exploitation Active de la Vulnérabilité Critique Apple CVE-2025-43510 – Correctif Urgent Requis (zoneantimalware) https://t.co/vXZwc61CPC
@NicolasCoolman
26 Mar 2026
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows UNC6353 deployed the DarkSword exploit kit to chain iOS vulnerabilities CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. Attackers escaped sandboxes, escalated privileges, and moved laterally across compromised devices to steal cryptocurrency wallet
@aviatrixtrc
24 Mar 2026
179 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性5件をカタログに追加 CISA Adds Five Known Exploited Vulnerabilities to Catalog #CISA (Mar 20) CVE-2025-31277 Apple複数製品におけるバッファオーバーフローの脆弱性 CVE-2025-32432 Craft CMS コードインジ
@foxbook
23 Mar 2026
222 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ⚠️ ATTENTION ALL IPHONE/IPAD USERS ⚠️🚨 Vulnerabilities: CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. How it works: This isn't just one bug; it's a "chain." A user visits a malicious website or opens a crafted file, and DarkSword uses these memory corrupti
@SteveAJ777
21 Mar 2026
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ⚠️ ATTENTION ALL IPHONE/IPAD USERS ⚠️🚨 Vulnerabilities: CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. How it works: This isn't just one bug; it's a "chain." A user visits a malicious website or opens a crafted file, and DarkSword uses these memory corrupti
@SteveAJ777
21 Mar 2026
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 ⚠️ ATTENTION ALL IPHONE/IPAD USERS ⚠️🚨 Vulnerabilities: CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. How it works: This isn't just one bug; it's a "chain." A user visits a malicious website or opens a crafted file, and DarkSword uses these memory corrupti
@SteveAJ777
21 Mar 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Today CVE: CVE-2025-43510 This is the part teams worry about. Apple dropped patches across six platforms. Same day. Same vulnerability. Improper locking in shared memory.
@EdgeDetectOps
21 Mar 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに5件の脆弱性を追加。Apple社複数製品のCVE-2025-31277、CVE-2025-43510、CVE-2025-43520、Craft CMSのCVE-2025-32432、Laravel LivewireのCVE-202
@__kokumoto
21 Mar 2026
891 Impressions
0 Retweets
5 Likes
3 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-43510 #Apple Multiple Products Improper Locking Vulnerability https://t.co/txqRMhl977
@ScyScan
20 Mar 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-43510: Vulnerabilidad Crítica de Bloqueo en Productos Apple Análisis técnico de CVE-2025-43510, una vulnerabilidad de alto riesgo en watchOS, iOS y más que permite cambios inesperados en memoria compartida. Impacto, miti https://t.co/teiwx9fBCw #ciberplaneta
@CiberPlanetaOrg
20 Mar 2026
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Alerta de Seguridad: Vulnerabilidad de Bloqueo Impropio en Múltiples Productos de Apple (CVE-2025-43510) Vulnerabilidad CWE-667 en watchOS, iOS, iPadOS, macOS, visionOS y tvOS de Apple permite a una aplicación maliciosa causar cambios inesperados en memoria compartida e
@CiberPlanetaOrg
20 Mar 2026
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2025-43510 - Apple - macOS - https://t.co/7JXfz2IaqM #OSINT #ThreatIntel #CyberSecurity #cve-2025-43510 #apple #macos
@RedPacketSec
20 Mar 2026
112 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "819E8F86-A336-49A2-853F-249459279A59",
"versionEndExcluding": "18.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4173F942-2CF6-447E-A942-948F6EF6CE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B98B4A6-EFB0-4651-BF56-06917E7CEC85",
"versionEndExcluding": "18.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E29A276A-7091-42B2-B893-6A5801A0716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9827CBDC-8C03-46BA-B534-8533F0975804",
"versionEndExcluding": "14.8.2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BE8199E-63D1-496C-B107-52853CFC2311",
"versionEndExcluding": "15.7.2",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "551159EE-8311-4A13-802D-85871DAB5E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "290E0D29-CB5B-45A7-9FE3-FD2030B1D1A4",
"versionEndExcluding": "26.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DFD3616-65CA-4E5C-849C-3C20ACBCB610",
"versionEndExcluding": "26.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9D7F76-13FB-407C-94E5-221B93021568",
"versionEndExcluding": "26.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]