CVE-2025-43537Path Traversal in Apple IOS AND Ipados

CWE-22Path Traversal5 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDapple/ipados< 18.7.5
CVEListV5apple/ios_and_ipados< 18.7.5+1
NVDapple/iphone_os< 18.7.5

🔴Vulnerability Details

2
GHSA
GHSA-9rvp-ph3g-jg82: A path handling issue was addressed with improved validation2026-02-12
CVEList
CVE-2025-43537: A path handling issue was addressed with improved validation2026-02-11

📋Vendor Advisories

2
Apple
CVE-2025-43537: iOS 18.7.5 and iPadOS 18.7.52026-02-11
Apple
CVE-2025-43537: iOS 26.2 and iPadOS 26.22025-12-12
CVE-2025-43537 — Path Traversal in Apple IOS AND Ipados | cvebase