CVE-2025-43234 | Multiple memory corruption issues were addressed with improv… | CVSS 9.8 CRITICAL

Description

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing a maliciously crafted texture may lead to unexpected app termination.

Metadata

CVE ID: CVE-2025-43234
State: PUBLISHED
Assigner: apple
Reserved: 2025-04-16 15:24 UTC
Published: 2025-07-29 23:35 UTC
Last updated: 2026-04-02 18:11 UTC
Primary CWE: CWE-20
CWE-20 Improper Input Validation
Vendor / Product: Apple / iOS and iPadOS
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (5)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 18.6
Apple	macOS	—	0 < 15.6
Apple	tvOS	—	0 < 18.6
Apple	visionOS	—	0 < 2.6
Apple	watchOS	—	0 < 11.6

Weakness (CWE)

CWE	Source	Description
—	cna	Processing a maliciously crafted texture may lead to unexpected app termination
CWE-20	adp	CWE-20 Improper Input Validation

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (5)