Cyber Posture

CVE-2025-43219

High

Published: 02 April 2026

Modified: 03 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (7.9th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43219 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 7.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Implements memory safeguards like address space randomization and non-executable memory to directly prevent out-of-bounds writes causing process memory corruption from malicious images.

prevent

Validates image inputs to ensure they are properly formatted, blocking maliciously crafted images that trigger memory corruption during processing.

prevent

Ensures timely remediation of flaws like this memory handling vulnerability through patching, as demonstrated by Apple's fix in macOS Sequoia 15.6.

MITRE ATT&CK Enterprise Techniques [AI]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.003 Malicious Image (tactic: Execution)
Adversaries may rely on a user running a malicious image to facilitate execution.

Why these techniques?

Memory corruption in image processing enables arbitrary code execution via a malicious image file, which requires user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.

Deeper analysis [AI]

CVE-2025-43219 is a memory corruption vulnerability stemming from inadequate memory handling, classified under CWE-787 (Out-of-bounds Write). It affects macOS systems, where processing a maliciously crafted image can lead to process memory corruption. Apple addressed the issue through improved memory handling, with a fix included in macOS Sequoia 15.6.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity. Remote attackers with no required privileges can exploit it over the network with low attack complexity, though it requires user interaction, such as opening the malicious image. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system control within the affected process scope.

Apple's security advisory at https://support.apple.com/en-us/124149 confirms the vulnerability was resolved via enhanced memory handling in macOS Sequoia 15.6, recommending users apply the update to mitigate risks.

Details

CWE(s)

Affected Products

Vendor: apple · Product: macos · Version: ≤ 15.6

CVEs Like This One

CVE-2024-54509 · Same product: Apple macOS
CVE-2025-30464 · Same product: Apple macOS
CVE-2025-24139 · Same product: Apple macOS
CVE-2026-28825 · Same product: Apple macOS
CVE-2025-43237 · Same product: Apple macOS
CVE-2025-24273 · Same product: Apple macOS
CVE-2025-24231 · Same product: Apple macOS
CVE-2025-43264 · Same product: Apple macOS
CVE-2025-43253 · Same product: Apple macOS
CVE-2025-43300 · Same product: Apple macOS
