CVE-2025-43500Exposure of Private Personal Information to an Unauthorized Actor in Apple IOS AND Ipados

CWE-359Exposure of Private Personal Information to an Unauthorized Actor7 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 86.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple IOS AND IpadosApple MacosApple Visionos+3 more
Timeline
PublishedNov 4

Description

A privacy issue was addressed with improved handling of user preferences. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to access sensitive user data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages8 packages

CVEListV5apple/macos< 26.1
NVDapple/ipados< 26.1
CVEListV5apple/watchos< 26.1
NVDapple/watchos< 26.1
CVEListV5apple/visionos< 26.1

🔴Vulnerability Details

2
CVEList
CVE-2025-43500: A privacy issue was addressed with improved handling of user preferences2025-11-04
GHSA
GHSA-gp5f-42gx-q2fq: A privacy issue was addressed with improved handling of user preferences2025-11-04

📋Vendor Advisories

4
Apple
CVE-2025-43500: macOS Tahoe 26.12025-11-03
Apple
CVE-2025-43500: watchOS 26.12025-11-03
Apple
CVE-2025-43500: visionOS 26.12025-11-03
Apple
CVE-2025-43500: iOS 26.1 and iPadOS 26.12025-11-03
CVE-2025-43500 — Apple IOS AND Ipados vulnerability | cvebase