VYPR
Medium severity 6.5 · NVD Advisory · Published Nov 4, 2025 · Updated Apr 2, 2026

CVE-2025-43424

Description

The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. A malicious HID device may cause an unexpected process crash.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A malicious HID device can trigger an unexpected process crash on Apple macOS Tahoe, iOS, and iPadOS due to insufficient bounds checks.

Vulnerability Overview

CVE-2025-43424 is a vulnerability in Apple's HID (Human Interface Device) handling that could allow a malicious physical USB or Bluetooth HID device to cause an unexpected process crash. The issue was addressed with improved bounds checks [1].

Attack Surface and Prerequisites

Exploitation requires an attacker to have physical access to the device or be in close proximity to connect a malicious HID device, such as a specially crafted keyboard or other input device. No user interaction beyond device connection is required, as the crash occurs during processing of HID reports [1][2].

Impact

An attacker could crash the process responsible for HID management on the target system, which may lead to denial of service or disrupt input functionality until the device is removed or the system is restarted [1].

Mitigation

Apple has addressed this issue in macOS Tahoe 26.1, iOS 26.1, and iPadOS 26.1, released November 3, 2025 [1][2]. Users should update their devices to the latest available versions to mitigate the vulnerability.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

References

2