CVE-2025-43376 — Apple IOS AND Ipados vulnerability

9 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Safari +5 more

Timeline

PublishedNov 4

Description

A logic issue was addressed with improved state management. This issue is fixed in Safari 26, iOS 18.7.7 and iPadOS 18.7.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶NVDapple/ipados< 26.0

▶CVEListV5apple/ios_and_ipados< 18.7.7+1

▶CVEListV5apple/tvos< 26

▶CVEListV5apple/macos< 26

▶CVEListV5apple/safari< 26

🔴Vulnerability Details

GHSA

GHSA-8h7r-5q86-pw9x: A logic issue was addressed with improved state management↗2025-11-04

▶

CVEList

CVE-2025-43376: A logic issue was addressed with improved state management↗2025-11-04

▶

📋Vendor Advisories

Apple

CVE-2025-43376: iOS 26 and iPadOS 26↗2025-09-15

▶

Apple

CVE-2025-43376: watchOS 26↗2025-09-15

▶

Apple

CVE-2025-43376: visionOS 26↗2025-09-15

▶

Apple

CVE-2025-43376: Safari 26↗2025-09-15

▶

Apple

CVE-2025-43376: macOS Tahoe 26↗2025-09-15

▶