4.8 CVE-2025-43200
CISA Kev Catalog
This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
https://nvd.nist.gov/vuln/detail/CVE-2025-43200
Categories
CWE-NVD-noinfo
References
134c704f-9b21-4f2e-91b3-4a467353bcc0
| https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mer... Press/Media Coverage |
product-security@apple.com
| https://support.apple.com/en-us/122173 Vendor Advisory |
| https://support.apple.com/en-us/122174 Vendor Advisory |
| https://support.apple.com/en-us/122345 Vendor Advisory |
| https://support.apple.com/en-us/122346 Vendor Advisory |
| https://support.apple.com/en-us/122900 Vendor Advisory |
| https://support.apple.com/en-us/122901 Vendor Advisory |
| https://support.apple.com/en-us/122902 Vendor Advisory |
| https://support.apple.com/en-us/122903 Vendor Advisory |
| https://support.apple.com/en-us/122904 Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | < 15.8.4 | |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | >= 16.0 | < 16.7.11 |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | >= 17.0 | < 17.7.5 |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | >= 18.0 | < 18.3.1 |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | < 15.8.4 | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | >= 16.0 | <= 16.7.11 |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | >= 17.0 | <= 18.3.1 |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | < 13.7.4 | |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | >= 14.0 | < 14.7.4 |
| cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* | >= 15.0 | < 15.3.1 |
| cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* | < 2.3.1 | |
| cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* | < 11.3.1 | |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
