CVE-2025-43365
Description
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate root processes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unprivileged process may terminate root processes due to an out-of-bounds access issue in iOS and iPadOS, fixed in iOS 18.7.2 and iOS 26.
Root Cause
CVE-2025-43365 is a denial-of-service vulnerability in iOS and iPadOS. The issue stems from an out-of-bounds access that occurs when the system handles certain input. Apple addressed this by improving bounds checking, which prevents the out-of-bounds condition [1].
Exploitation
An unprivileged process (e.g., a third-party app) can exploit this flaw without requiring elevated privileges. The attack surface is local, meaning the attacker must already have the ability to run code on the device. No user interaction is needed beyond launching the malicious app [1][2].
Impact
Successful exploitation allows an unprivileged process to terminate root processes, leading to unexpected system termination. This can cause a denial of service, potentially crashing the device or disrupting critical system services [1].
Mitigation
Apple has released patches in iOS 18.7.2 and iPadOS 18.7.2 (released November 5, 2025) and in iOS 26 and iPadOS 26 (released September 15, 2025). Users should update to the latest available version for their device. The vulnerability affects a wide range of devices, including iPhone 11 and later, and various iPad models [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* range: <26.0
- (no CPE) range: <18.7.2, <26
- Range: <18.7.2, <26
Patches
No patches discovered yet.
References
2
News mentions
No linked articles in our index yet.