Medium severity5.5NVD Advisory· Published Nov 4, 2025· Updated Apr 2, 2026

CVE-2025-43398

Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory handling issue in Apple operating systems may allow an app to cause unexpected system termination.

Vulnerability

Details

CVE-2025-43398 is a memory handling vulnerability in Apple's core operating systems. The vulnerability stems from a memory handling issue in the kernel or system services. Improper memory management can be triggered by a malicious or compromised application, leading to a state that forces the system to unexpectedly terminate.

Exploitation

An attacker would need to have an app running on a vulnerable device. No additional privileges or network access are required beyond the ability to execute a crafted application. The attack surface is local, meaning an app installed on the device can directly trigger the condition.

Impact

Successful exploitation results in unexpected system termination, effectively causing a denial-of-service (DoS) condition. This can lead to data loss or interruption of critical services, as the device may restart or become temporarily unusable.

Mitigation

Apple has addressed this issue in the following software updates: iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 7, visionOS 26.1, and watchOS 26.1 [1]. Users should update their devices to the latest available versions.

References

About the security content of iOS 26.1 and iPadOS 26.1 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=14.0,<14.8.2
Apple Inc./tvOS2 versions
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*range: <26.1
- (no CPE)range: 26.1
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <26.1
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <26.1
Cisco Systems, Inc./Cisco iOSllm-fuzzy
Range: 18.7.2, 26.1
Apple Inc./macOS Sequoiallm-fuzzy
Range: 15.7.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000