Medium severity6.5NVD Advisory· Published Sep 15, 2025· Updated Apr 2, 2026

CVE-2025-43272

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing maliciously crafted web content can cause an unexpected Safari crash due to a memory handling issue, addressed in Safari 26 and corresponding OS updates.

CVE-2025-43272 is a vulnerability in Safari's web content processing that stems from a memory handling flaw. The issue was resolved by improving memory management, preventing crashes when parsing maliciously crafted content.

The attack vector is through web content, meaning an attacker could host a specially crafted webpage or inject malicious code into a legitimate site. No authentication or special network position is required; simply visiting the page triggers the vulnerability.

The impact is limited to an unexpected Safari crash, resulting in denial of service. There is no indication of arbitrary code execution or data exfiltration based on the advisory.

Apple released patches for this vulnerability in Safari 26, which is included in macOS Tahoe 26, iOS 26, iPadOS 26, visionOS 26, and watchOS 26. Users should update their devices to the latest available versions to mitigate the risk [1][2].

References

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Safari2 versions
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <26.0
- (no CPE)range: = 26
Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <26.0
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <26.0
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <26.0
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <26.0
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <26.0
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: = 26
Apple Inc./macOS Tahoellm-fuzzy
Range: = 26

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/125108nvdRelease NotesVendor Advisory
support.apple.com/en-us/125113nvdRelease NotesVendor Advisory
support.apple.com/en-us/125115nvdRelease NotesVendor Advisory
support.apple.com/en-us/125116nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/Sep/53nvd
seclists.org/fulldisclosure/2025/Sep/57nvd
seclists.org/fulldisclosure/2025/Sep/59nvd
www.openwall.com/lists/oss-security/2025/09/22/3nvd
support.apple.com/en-us/125110nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000