Cyber Posture

CVE-2025-43510

HighCISA KEVActive Exploitation

Published: 12 December 2025

Published
12 December 2025
Modified
03 April 2026
KEV Added
20 March 2026
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0030 53.7th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-43510 is a high-severity Improper Locking (CWE-667) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 46.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SC-4 (Information in Shared System Resources).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match
prevent

Implements controls to protect system memory from unauthorized access, modification, or deletion, directly mitigating memory corruption from improper lock state checking.

SC-39 Process Isolation good match
prevent

Isolates processes to prevent a malicious application from causing unexpected changes in shared memory between processes.

SC-4 Information in Shared System Resources good match
prevent

Prevents unauthorized and unintended information transfer via shared system resources such as memory exploited by this vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Memory corruption in inter-process shared regions enables arbitrary code execution from a local unprivileged malicious application, directly facilitating exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS…

more

26.1. A malicious application may cause unexpected changes in memory shared between processes.

Deeper analysisAI

CVE-2025-43510 is a memory corruption vulnerability addressed by improved lock state checking in multiple Apple operating systems. It affects versions of iOS and iPadOS prior to 18.7.2 and 26.1, macOS Sequoia prior to 15.7.2, macOS Sonoma prior to 14.8.2, macOS Tahoe prior to 26.1, tvOS prior to 26.1, visionOS prior to 26.1, and watchOS prior to 26.1. The issue, associated with CWE-667 (Improper Locking), enables a malicious application to cause unexpected changes in memory shared between processes.

Exploitation requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), such as installing and running a malicious application. Attackers achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with no change in scope (S:U), resulting in a CVSS v3.1 base score of 7.8.

Apple's security advisories detail patches in the listed fixed versions across affected platforms. Mitigation involves updating to iOS 18.7.2 or 26.1, iPadOS 18.7.2 or 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, or watchOS 26.1, as described in support documents at https://support.apple.com/en-us/125632, https://support.apple.com/en-us/125633, https://support.apple.com/en-us/125634, https://support.apple.com/en-us/125635, and https://support.apple.com/en-us/125636.

Details

CWE(s)
CWE-667
KEV Date Added
20 March 2026

Affected Products

apple
ipados
26.0 · ≤ 18.7.2
apple
iphone os
26.0 · ≤ 18.7.2
apple
macos
26.0 · 14.0 — 14.8.2 · 15.0 — 15.7.2
apple
tvos
≤ 26.1
apple
visionos
≤ 26.1
apple
watchos
≤ 26.1

CVEs Like This One

CVE-2025-24085Same product: Apple Ipadosboth on KEV
CVE-2026-20700Same product: Apple Ipadosboth on KEV
CVE-2025-43520Same product: Apple Ipadosboth on KEV
CVE-2026-20698Same product: Apple Ipados
CVE-2025-24159Same product: Apple Ipados
CVE-2026-43668Same product: Apple Ipados
CVE-2026-20628Same product: Apple Ipados
CVE-2025-43529Same product: Apple Ipadosboth on KEV
CVE-2025-31277Same product: Apple Ipadosboth on KEV
CVE-2024-54517Same product: Apple Ipados

References