Cyber Resilience

CVE-2025-43510

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 12 December 2025
Modified: 03 April 2026
KEV Added: 20 March 2026
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0030 (54.0th percentile)
Risk Priority: 36 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43510 is a high-severity Improper Locking (CWE-667) vulnerability in Apple macOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 46.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2025-43510 is a memory corruption vulnerability resulting from inadequate lock state checking that allows unexpected changes to memory shared between processes. It affects Apple platforms prior to the listed fixed releases, specifically iOS and iPadOS before 18.7.2 and 26.1, macOS Sequoia before 15.7.2, macOS Sonoma before 14.8.2, macOS Tahoe before 26.1, and tvOS, visionOS, and watchOS before 26.1. The flaw is tracked under CWE-667 and carries a CVSS 3.1 base score of 7.8.

A local attacker can exploit the issue by supplying a malicious application that requires user interaction to run. Successful exploitation grants the ability to alter shared memory across processes, producing high impacts on confidentiality, integrity, and availability without needing elevated privileges.

Apple security advisories at support.apple.com/en-us/125632 through 125636 state that the vulnerability is resolved in the updated releases by adding improved lock state checking. The current EPSS score of 0.0030 indicates a low modeled exploitation probability with no reported rise after disclosure, although the CISA KEV listing records exploitation in the wild.

Vulnerability details

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.

CWE(s): CWE-667
KEV Date Added: 20 March 2026

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Memory corruption in inter-process shared regions enables arbitrary code execution from a local unprivileged malicious application, directly facilitating exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20700 · Same product: Apple iPadOS · both on KEV
CVE-2025-43520 · Same product: Apple iPadOS · both on KEV
CVE-2025-24085 · Same product: Apple iPadOS · both on KEV
CVE-2026-20698 · Same product: Apple iPadOS
CVE-2026-20628 · Same product: Apple iPadOS
CVE-2026-28995 · Same product: Apple iPadOS
CVE-2025-24159 · Same product: Apple iPadOS
CVE-2026-43668 · Same product: Apple iPadOS
CVE-2025-43529 · Same product: Apple iPadOS · both on KEV
CVE-2025-31277 · Same product: Apple iPadOS · both on KEV

Affected Assets

apple / ipados: 26.0 · ≤ 18.7.2
apple / iphone os: 26.0 · ≤ 18.7.2
apple / macos: 26.0 · 14.0 — 14.8.2 · 15.0 — 15.7.2
apple / tvos: ≤ 26.1
apple / visionos: ≤ 26.1
apple / watchos: ≤ 26.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements controls to protect system memory from unauthorized access, modification, or deletion, directly mitigating memory corruption from improper lock state checking.

prevent

Isolates processes to prevent a malicious application from causing unexpected changes in shared memory between processes.

prevent

Prevents unauthorized and unintended information transfer via shared system resources such as memory exploited by this vulnerability.

References