CVE-2025-43222
Published: 30 July 2025
Summary
CVE-2025-43222 is a critical-severity Use After Free (CWE-416) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the 33.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates timely identification, reporting, and correction of flaws like this use-after-free vulnerability through patching to fixed OS versions.
Implements memory protections such as ASLR and DEP that directly prevent or hinder exploitation of use-after-free memory corruption.
Requires vulnerability scanning to identify instances of CVE-2025-43222, enabling prompt remediation before exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote use-after-free enables client-side exploitation for code execution or app termination (T1203).
NVD Description
A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination.
Deeper analysis
CVE-2025-43222 is a use-after-free vulnerability (CWE-416) affecting Apple's iPadOS and macOS operating systems. The issue was addressed by removing the vulnerable code and is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7. It was published on 2025-07-30.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vector rates it as remotely exploitable over a network with low attack complexity, no required privileges or user interaction, and high impacts on confidentiality, integrity, and availability. The vendor description states that an attacker may be able to cause unexpected app termination.
Apple's security advisories confirm the fix through code removal in the listed updates, with details available at https://support.apple.com/en-us/124148, https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, https://support.apple.com/en-us/124151, and http://seclists.org/fulldisclosure/2025/Jul/31. Security practitioners should prioritize patching affected systems to the specified versions.
Details
- CWE(s)