CNVD-2025-19354
PUBLISHED
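iPadOS is a mobile operating system developed by Apple for iPad devices; it is based on iOS and optimized specifically for iPad. iPhone OS is the operating system Apple developed for iPhone and iPod touch. macOS is an operating system developed by Apple that runs on Macintosh computers. Apple iPadOS, iPhone OS and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. An attacker can exploit it: processing a malicious image file may result in memory corruption, and may also enable further attacks.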
Exploit Intelligence
- The exploit code for CVE-2025-43300. (github-poc)
- Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
- CVE-2025-55177 + CVE-2025-43300: reverse-engineering the WhatsApp-ImageIO zero-click iOS chain, with interactive labs. (github-poc-repo)
- CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corruption (github-poc)
- This is POC for IOS 0click CVE-2025-43300 (github-poc)
…and 24 more exploits
Timeline
- Aug 21, 2025 CVE Published