← back
CVE-2025-43300

CVE-2025-43300

CVSS 10 CRITICALEPSS 20.0%● KEVCWE-787
In short

A flaw in image file processing allows attackers to write data beyond allocated memory boundaries, potentially corrupting system memory. This critical vulnerability affects Apple devices and can be exploited remotely through malicious image files.

Technical detail

Out-of-bounds write vulnerability (CWE-787) in image processing code lacks proper bounds validation. Attack vector involves crafting a malicious image file that triggers memory corruption when processed; no user interaction complexity is required. Impact includes arbitrary code execution with full system privileges; real-world exploitation has been confirmed against targeted users.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · iPadOSApple · macOS
public PoCs found6
githubgithub.com/hunters-sec/CVE-2025-43300114githubgithub.com/PwnToday/CVE-2025-433006githubgithub.com/ticofookfook/CVE-2025-433003githubgithub.com/Dark-life944/CVE-20251githubgithub.com/Shakai-Dev/CVE-2025-43300-exp0githubgithub.com/veniversum/cve-2025-433000
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2025/Sep/10http://seclists.org/fulldisclosure/2025/Sep/14http://seclists.org/fulldisclosure/2025/Sep/52https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.mdhttps://github.com/cisagov/vulnrichment/issues/201https://support.apple.com/en-us/124925https://support.apple.com/en-us/124926https://support.apple.com/en-us/124927https://support.apple.com/en-us/124928https://support.apple.com/en-us/124929https://support.apple.com/en-us/125141https://support.apple.com/en-us/125142