Cyber Resilience

CVE-2025-43219

High

Published: 02 April 2026

Modified: 03 April 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (34.1th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-43219 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 34.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-43219 is a memory corruption vulnerability stemming from inadequate memory handling, classified under CWE-787 (Out-of-bounds Write). It affects macOS systems, where processing a maliciously crafted image can lead to process memory corruption. Apple addressed the issue through improved memory handling, with a fix included in macOS Sequoia 15.6.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity. Remote attackers with no required privileges can exploit it over the network with low attack complexity, though it requires user interaction, such as opening the malicious image. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system control within the affected process scope.

Apple's security advisory at https://support.apple.com/en-us/124149 confirms the vulnerability was resolved via enhanced memory handling in macOS Sequoia 15.6, recommending users apply the update to mitigate risks.

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.003 Malicious Image (tactic: Execution)
Adversaries may rely on a user running a malicious image to facilitate execution.

Why these techniques?

Memory corruption in image processing enables arbitrary code execution via a malicious image file, which requires user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24231 (same product: Apple macOS)
CVE-2025-24273 (same product: Apple macOS)
CVE-2026-28825 (same product: Apple macOS)
CVE-2025-24139 (same product: Apple macOS)
CVE-2025-30464 (same product: Apple macOS)
CVE-2024-54509 (same product: Apple macOS)
CVE-2025-43237 (same product: Apple macOS)
CVE-2026-39870 (same product: Apple macOS)
CVE-2025-43264 (same product: Apple macOS)
CVE-2025-43253 (same product: Apple macOS)

Affected Assets

apple macos ≤ 15.6

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Implements memory safeguards such as address space layout randomization and non-executable memory, which make the process memory corruption caused by out-of-bounds writes from malicious images harder to turn into code execution.

prevent

Validates image inputs to ensure they are properly formatted, blocking maliciously crafted images that trigger memory corruption during processing.

prevent

Ensures timely remediation of flaws like this memory handling vulnerability through patching, as demonstrated by Apple's fix in macOS Sequoia 15.6.
