CVE-2025-43520

CWE-120 — Classic Buffer Overflow14 documents6 sources

5.5

CVSS

MEDIUM

EPSS0.3%(51th)

CISA KEV

CISA Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶NVDapple/macos14.0 — 14.8.2+2

▶NVDapple/ipados< 18.7.2+1

▶NVDapple/tvos< 26.1

▶NVDapple/watchos< 26.1

▶NVDapple/visionos< 26.1

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

NVD ↗MITRE ↗

🔴Vulnerability Details

CVEList

CVE-2025-43520: A memory corruption issue was addressed with improved memory handling↗2025-12-12

▶

VulnCheck

Apple Multiple Products Classic Buffer Overflow Vulnerability↗2025

▶

📋Vendor Advisories

CISA

Apple Multiple Products Classic Buffer Overflow Vulnerability↗2026-03-20

▶

Apple

CVE-2025-43520: iOS 18.7.2 and iPadOS 18.7.2↗2025-11-05

▶

Apple

CVE-2025-43520: macOS Sequoia 15.7.2↗2025-11-03

▶

Apple

CVE-2025-43520: tvOS 26.1↗2025-11-03

▶

Apple

CVE-2025-43520: visionOS 26.1↗2025-11-03

▶

🕵️Threat Intelligence

Bleepingcomputer

Apple expands iOS 18 updates to more iPhones to block DarkSword attacks↗2026-04-01

▶

Bleepingcomputer

New DarkSword iOS exploit used in infostealer attack on iPhones↗2026-03-18

▶