Cyber Posture

CVE-2025-43520

MediumCISA KEVActive Exploitation

Published: 12 December 2025

Published
12 December 2025
Modified
03 April 2026
KEV Added
20 March 2026
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0027 49.9th percentile
Risk Priority 31 60% EPSS · 20% KEV · 20% CVSS

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1.…

more

A malicious application may be able to cause unexpected system termination or write kernel memory.

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match
prevent

Directly addresses memory corruption by enforcing mechanisms to protect kernel memory from unauthorized modification or access by malicious applications.

SI-2 Flaw Remediation good match
prevent

Ensures timely flaw remediation through patching, as demonstrated by Apple's updates fixing the memory handling vulnerability in affected OS versions.

SC-39 Process Isolation good match
prevent

Provides process isolation to prevent low-privilege malicious applications from writing to kernel memory or causing system termination.

Security SummaryAI

CVE-2025-43520 is a memory corruption vulnerability, classified under CWE-120, that was addressed through improved memory handling in multiple Apple operating systems. It affects iOS and iPadOS versions prior to 18.7.2 and 26.1, macOS Sequoia prior to 15.7.2, macOS Sonoma prior to 14.8.2, macOS Tahoe prior to 26.1, tvOS prior to 26.1, visionOS prior to 26.1, and watchOS prior to 26.1. The issue carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating a medium-severity local vulnerability with high availability impact.

A local attacker with low privileges, such as one running a malicious application on the system, can exploit this vulnerability. Successful exploitation may lead to unexpected system termination, resulting in a denial-of-service condition, or enable writing to kernel memory, potentially disrupting kernel stability.

Apple's security advisories detail the patches applied in the specified versions, recommending that users update to iOS 18.7.2 or 26.1, iPadOS 18.7.2 or 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, or watchOS 26.1 to mitigate the issue. Further details are available in the vendor's release notes at https://support.apple.com/en-us/125632, https://support.apple.com/en-us/125633, https://support.apple.com/en-us/125634, https://support.apple.com/en-us/125635, and https://support.apple.com/en-us/125636.

Details

CWE(s)
CWE-120
KEV Date Added
20 March 2026

Affected Products

apple
ipados
26.0 · ≤ 18.7.2
apple
iphone os
26.0 · ≤ 18.7.2
apple
macos
26.0 · 14.0 — 14.8.2 · 15.0 — 15.7.2
apple
tvos
≤ 26.1
apple
visionos
≤ 26.1
apple
watchos
≤ 26.1

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Kernel-level memory corruption vulnerability (out-of-bounds write) enables arbitrary kernel memory writes, directly facilitating exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References