CVE-2025-43520
On November 3, 2025, Apple published security updates to address vulnerabilities in the following products: Safari – versions prior to 26.1 Xcode – versions prior to 26.1 iOS and iPadOS – versions prior to 26.1 macOS Sequoia – versions prior to 15.7.2 macOS Sonoma – versions prior to 14.8.2 macOS Tahoe – versions prior to 26.1 tvOS – versions prior to 26.1 visionOS – versions prior to 26.1 watchOS – versions prior to 26.1 Update 1 On March 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-43510 and CVE-2025-43520 to their Known Exploited Vulnerabilities (KEV) Database. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
EPSS 0.26% · 50.2th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| macOS | macOS Tahoe – versions prior to 26.1 | |
| tvOS | tvOS – versions prior to 26.1 | |
| visionOS | visionOS – versions prior to 26.1 | |
| iOS | iOS and iPadOS – versions prior to 26.1 | |
| macOS | macOS Sonoma – versions prior to 14.8.2 | |
| macOS | macOS Sequoia – versions prior to 15.7.2 | |
| Xcode | Xcode – versions prior to 26.1 | |
| watchOS | watchOS – versions prior to 26.1 | |
| Safari | Safari – versions prior to 26.1 |
Exploit Intelligence
- CIRCL exploited: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
- CIRCL seen: CVE-2025-43520 (circl-sighting)
…and 68 more exploits
Timeline
- Jun 14, 2021 VulnCheck KEV Exploitation
- Apr 16, 2025 CVE ID Reserved
- Dec 12, 2025 CVE Published
- Dec 12, 2025 PoC Published
- Dec 13, 2025 EPSS Score
- Dec 17, 2025 EPSS Score
- Dec 21, 2025 EPSS Score
- Dec 25, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 2, 2026 EPSS Score
- Jan 6, 2026 EPSS Score
- Jan 10, 2026 EPSS Score
References
- https://cyber.gc.ca/en/alerts-advisories/apple-security-advisory-av25-722 advisory
- https://support.apple.com/en-us/100100 vendor
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-43510 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-43520 advisory