Medium severity5.5NVD Advisory· Published Sep 15, 2025· Updated Apr 2, 2026

CVE-2025-43299

Description

A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A denial-of-service vulnerability in Apple operating systems allows an app to cause system termination; fixed in iOS 18.7, iPadOS 18.7, macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26.

Vulnerability

Overview

CVE-2025-43299 is a denial-of-service issue in Apple operating systems that can be triggered by an app. The root cause is a validation flaw that, when exploited, leads to unexpected system termination. Apple addressed the issue with improved validation in the latest software updates [1][2].

Exploitation

An attacker would need to have an app running on the affected device to exploit this vulnerability. No special privileges or network access are required beyond the ability to execute code on the system. The attack surface is local, meaning the app must be installed and run on the target the vulnerable component [1][2].

Impact

Successful exploitation results in a denial-of-service condition, causing the system to terminate unexpectedly. This can lead to loss of unsaved work and temporary unavailability of the device. The vulnerability does not disclose further technical details, but the impact is limited impact is limited to system stability [1][2].

Mitigation

Apple has released patches for iOS 18.7, iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26. Users are advised to update their devices to the latest available versions to mitigate the risk [1][2][3][4].

References

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados2 versions
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <18.7
- (no CPE)range: = 18.7
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.7
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=14.0,<14.8
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: = 18.7
Apple Inc./macOS Sequoiallm-fuzzy
Range: = 15.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/125109nvdRelease NotesVendor Advisory
support.apple.com/en-us/125111nvdRelease NotesVendor Advisory
support.apple.com/en-us/125112nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/Sep/50nvd
seclists.org/fulldisclosure/2025/Sep/53nvd
seclists.org/fulldisclosure/2025/Sep/54nvd
seclists.org/fulldisclosure/2025/Sep/55nvd
support.apple.com/en-us/125110nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000