Cyber Posture

CVE-2025-43520

Medium · CISA KEV · Active Exploitation

Published: 12 December 2025

Modified: 03 April 2026
KEV Added: 20 March 2026
Patch
CVSS Score: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0027 (50.0th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-43520 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple macOS. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 50.0th percentile by exploit likelihood (below the median), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly addresses memory corruption by enforcing mechanisms to protect kernel memory from unauthorized modification or access by malicious applications.

prevent

Ensures timely flaw remediation through patching, as demonstrated by Apple's updates fixing the memory handling vulnerability in affected OS versions.

prevent

Provides process isolation to prevent low-privilege malicious applications from writing to kernel memory or causing system termination.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Kernel-level memory corruption vulnerability (out-of-bounds write) enables arbitrary kernel memory writes, directly facilitating exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may be able to cause unexpected system termination or write kernel memory.

Deeper analysis [AI]

CVE-2025-43520 is a memory corruption vulnerability, classified under CWE-120, that was addressed through improved memory handling in multiple Apple operating systems. It affects iOS and iPadOS versions prior to 18.7.2 and 26.1, macOS Sequoia prior to 15.7.2, macOS Sonoma prior to 14.8.2, macOS Tahoe prior to 26.1, tvOS prior to 26.1, visionOS prior to 26.1, and watchOS prior to 26.1. The issue carries a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H), indicating a medium-severity local vulnerability with high availability impact.

A local attacker with low privileges, such as one running a malicious application on the system, can exploit this vulnerability. Successful exploitation may lead to unexpected system termination, resulting in a denial-of-service condition, or enable writing to kernel memory, potentially disrupting kernel stability.

Apple's security advisories detail the patches applied in the specified versions, recommending that users update to iOS 18.7.2 or 26.1, iPadOS 18.7.2 or 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, or watchOS 26.1 to mitigate the issue. Further details are available in the vendor's release notes at https://support.apple.com/en-us/125632, https://support.apple.com/en-us/125633, https://support.apple.com/en-us/125634, https://support.apple.com/en-us/125635, and https://support.apple.com/en-us/125636.

Details

CWE(s)
KEV Date Added
20 March 2026

Affected Products

apple ipados: 26.0 · ≤ 18.7.2
apple iphone os: 26.0 · ≤ 18.7.2
apple macos: 26.0 · 14.0 — 14.8.2 · 15.0 — 15.7.2
apple tvos: ≤ 26.1
apple visionos: ≤ 26.1
apple watchos: ≤ 26.1

CVEs Like This One

CVE-2025-24085 · Same product: Apple iPadOS · both on KEV
CVE-2025-43510 · Same product: Apple iPadOS · both on KEV
CVE-2026-20700 · Same product: Apple iPadOS · both on KEV
CVE-2026-28959 · Same product: Apple iPadOS
CVE-2026-20628 · Same product: Apple iPadOS
CVE-2026-43668 · Same product: Apple iPadOS
CVE-2026-20698 · Same product: Apple iPadOS
CVE-2025-24159 · Same product: Apple iPadOS
CVE-2025-43529 · Same product: Apple iPadOS · both on KEV
CVE-2025-31277 · Same product: Apple iPadOS · both on KEV
