CVE-2025-43400

📊 6.3 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Sep 29, 2025

📋 Status: Analyzed

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1 and iPadOS 26.0.1, iOS 18.7.1 and iPadOS 18.7.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0

🎯 Affected Products & Systems

8 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
💻OS	apple	ipados	< 18.7.1	Vulnerable	cpe:2.3:o:apple:ipados::::::::
💻OS	apple	ipados	26.0	Vulnerable	cpe:2.3:o:apple:ipados:26.0:::::::*
💻OS	apple	iphone os	< 18.7.1	Vulnerable	cpe:2.3:o:apple:iphone_os::::::::
💻OS	apple	iphone os	26.0	Vulnerable	cpe:2.3:o:apple:iphone_os:26.0:::::::*
💻OS	apple	macos	≥ 14.0 ∧ < 14.8.1	Vulnerable	cpe:2.3:o:apple:macos::::::::
💻OS	apple	macos	≥ 15.0 ∧ < 15.7.1	Vulnerable	cpe:2.3:o:apple:macos::::::::
💻OS	apple	macos	26.0	Vulnerable	cpe:2.3:o:apple:macos:26.0:::::::*
💻OS	apple	visionos	< 26.0.1	Vulnerable	cpe:2.3:o:apple:visionos::::::::

💻

apple / ipados

Operating System

Vulnerable

Version: < 18.7.1

CPE:

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

💻

apple / ipados

Operating System

Vulnerable

Version: 26.0

CPE:

cpe:2.3:o:apple:ipados:26.0:*:*:*:*:*:*:*

💻

apple / iphone os

Operating System

Vulnerable

Version: < 18.7.1

CPE:

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

💻

apple / iphone os

Operating System

Vulnerable

Version: 26.0

CPE:

cpe:2.3:o:apple:iphone_os:26.0:*:*:*:*:*:*:*

💻

apple / macos

Operating System

Vulnerable

Version: ≥ 14.0 ∧ < 14.8.1

CPE:

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

💻

apple / macos

Operating System

Vulnerable

Version: ≥ 15.0 ∧ < 15.7.1

CPE:

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

💻

apple / macos

Operating System

Vulnerable

Version: 26.0

CPE:

cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*

💻

apple / visionos

Operating System

Vulnerable

Version: < 26.0.1

CPE:

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

8 products•scroll for more

Metrics

6.3 MEDIUMCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

NONE

User Interaction:

REQUIRED

Confidentiality:

LOW

Integrity:

LOW

Availability:

LOW

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.3 (MEDIUM)v3.1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

EPSS Details

0.1% (Minimal)17.3th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 29, 2025 (1 month ago)

Last Modified

Sep 30, 2025 (1 month ago)

Security Weaknesses1

CWE-787

References7

NVDgeneralgeneral+4