CVE-2025-43216 - Vulnerability Details

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ios Ipados Macos Macos Sequoia Tvos Visionos Watchos

No data.

References

Link	Providers
https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124148
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124152
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155

History

Wed, 30 Jul 2025 23:00:00 +0000

Type	Values Removed	Values Added
Description	A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.	A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References		https://support.apple.com/en-us/124152

Wed, 30 Jul 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 30 Jul 2025 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}`

Wed, 30 Jul 2025 11:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios Apple ipados Apple macos Apple macos Sequoia Apple tvos Apple visionos Apple watchos
Vendors & Products		Apple Apple ios Apple ipados Apple macos Apple macos Sequoia Apple tvos Apple visionos Apple watchos

Tue, 29 Jul 2025 23:45:00 +0000

Type	Values Removed	Values Added
Description		A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References		https://support.apple.com/en-us/124147 https://support.apple.com/en-us/124148 https://support.apple.com/en-us/124149 https://support.apple.com/en-us/124153 https://support.apple.com/en-us/124154 https://support.apple.com/en-us/124155

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-07-29T23:36:05.488Z

Updated: 2025-07-30T22:57:09.239Z

Reserved: 2025-04-16T15:24:37.089Z

Link: CVE-2025-43216

Vulnrichment

Updated: 2025-07-30T13:23:44.141Z

NVD

Status : Received

Published: 2025-07-30T00:15:33.710

Modified: 2025-07-30T23:15:27.570

Link: CVE-2025-43216

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object