Cyber Resilience

CVE-2025-43359

Critical

Published: 15 September 2025

Modified: 02 April 2026
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0020 (42.3rd percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43359 is a critical-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 42.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2025-43359 is a logic issue in Apple's operating systems that was addressed through improved state management. The vulnerability causes a UDP server socket, intended to be bound to a local interface, to instead become bound to all interfaces, potentially exposing it network-wide. It affects iOS and iPadOS versions prior to 18.7 and 26, macOS Sequoia prior to 15.7, macOS Sonoma prior to 14.8, macOS Tahoe prior to 26, tvOS prior to 26, visionOS prior to 26, and watchOS prior to 26. The issue is tracked under CWE-670 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

Per the CVSS vector, the issue is exploitable remotely over the network with low attack complexity, no privileges, and no user interaction. The rated impact on confidentiality, integrity, and availability is high, stemming from the unintended socket binding, which could enable broader access to or manipulation of network services.

Apple's security advisories detail mitigations through patches released in the specified versions: iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, and watchOS 26. Further details are available in the vendor's support documents at https://support.apple.com/en-us/125108, https://support.apple.com/en-us/125109, https://support.apple.com/en-us/125110, https://support.apple.com/en-us/125111, and https://support.apple.com/en-us/125112. Security practitioners should prioritize updating affected devices to these versions.
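One way to check a host for the exposure described above, as an added example that is not from Apple or from this page's source: a Python parser over `lsof -nP -iUDP` output that flags UDP sockets bound more widely than a local-only policy allows. The process names, ports, policy table and sample output are constructed assumptions.

```python
# Constructed sample of `lsof -nP -iUDP` output (not captured from a real host).
SAMPLE_LSOF = """\
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
exampled  901 alice 5u  IPv4 0x1a   0t0      UDP  127.0.0.1:9999
exampled  901 alice 6u  IPv6 0x1b   0t0      UDP  [::1]:9999
helperd   950 alice 7u  IPv4 0x1c   0t0      UDP  *:7001
helperd   950 alice 8u  IPv4 0x1d   0t0      UDP  192.0.2.10:7002->192.0.2.20:53
mdnsd     412 root  9u  IPv4 0x1e   0t0      UDP  *:5353
"""

# Hypothetical policy: addresses each (command, port) is allowed to bind to.
EXPECTED_BIND = {
    ("exampled", 9999): {"127.0.0.1", "::1"},
    ("helperd", 7001): {"127.0.0.1"},
}

def parse_udp_sockets(lsof_text):
    """Yield (command, pid, bind_addr, port) for each UDP row."""
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[7] != "UDP":
            continue  # header row or non-UDP entry
        local = fields[8].split("->")[0]  # drop the peer of a connected socket
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        yield fields[0], int(fields[1]), addr.strip("[]"), int(port)

def unexpected_binds(lsof_text, expected=EXPECTED_BIND):
    """Return sockets whose bind address is outside the policy.

    The last tuple element is True when the socket is bound to '*',
    i.e. all interfaces, which is the symptom this CVE describes.
    """
    findings = []
    for cmd, pid, addr, port in parse_udp_sockets(lsof_text):
        allowed = expected.get((cmd, port))
        if allowed is not None and addr not in allowed:
            findings.append((cmd, pid, addr, port, addr == "*"))
    return findings

if __name__ == "__main__":
    for cmd, pid, addr, port, wildcard in unexpected_binds(SAMPLE_LSOF):
        scope = "all interfaces" if wildcard else addr
        print(f"{cmd} (pid {pid}): UDP port {port} bound to {scope}")
```

On a live host, pass the text output of `lsof -nP -iUDP` in place of the sample and replace the policy table with the services you expect to be local-only.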

EU & UK References

Vulnerability details

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unintended binding of UDP socket to all interfaces directly enables remote exploitation of a service that should be local-only (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-43347 (Same product: Apple iPadOS)
CVE-2025-24237 (Same product: Apple iPadOS)
CVE-2025-31255 (Same product: Apple iPadOS)
CVE-2026-20611 (Same product: Apple iPadOS)
CVE-2026-20650 (Same product: Apple iPadOS)
CVE-2026-28860 (Same product: Apple iPadOS)
CVE-2025-24129 (Same product: Apple iPadOS)
CVE-2026-43660 (Same product: Apple iPadOS)
CVE-2026-20698 (Same product: Apple iPadOS)
CVE-2026-28947 (Same product: Apple iPadOS)

Affected Assets

apple ipados: ≤ 18.7
apple iphone os: ≤ 18.7
apple macos: 14.0 — 14.8 · 15.0 — 15.7
apple tvos: ≤ 26.0
apple visionos: ≤ 26.0
apple watchos: ≤ 26.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the socket binding logic flaw by requiring timely identification, reporting, and correction via vendor patches for affected Apple OS versions.

prevent · detect

Mitigates remote exploitation by monitoring and controlling communications at external boundaries, blocking unauthorized access to the unexpectedly exposed UDP server socket.

prevent

Enforces secure configuration settings for network services to bind sockets only to local interfaces as intended, reducing risk of unintended network-wide exposure.

References