CVE-2025-43534 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-43534 PUBLISHED CVSS 6.800000190734863 MEDIUM

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.

EPSS 0.02% · 5.8th percentile

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.02%

5.8th percentile

Affected Products

Vendor	Product	Versions
Apple	iOS and iPadOS	0, 0
apple	ipados	0, 26.0, 0
apple	iphone_os	0, 26.0, 0

Timeline

Mar 25, 2026 CVE Published
Mar 25, 2026 EPSS Score
Mar 25, 2026 PoC Published
Mar 29, 2026 Security Advisory

References

https://support.apple.com/en-us/126793 advisory
https://support.apple.com/en-us/126794 advisory
https://support.apple.com/en-us/126798 advisory
https://support.apple.com/en-us/126800 advisory
https://support.apple.com/en-us/126796 advisory
https://support.apple.com/en-us/126792 advisory
https://support.apple.com/en-us/126795 advisory
https://support.apple.com/en-us/126799 advisory
https://support.apple.com/en-us/126797 advisory
https://support.apple.com/en-us/126801 advisory
https://support.apple.com/en-us/125884 url
https://nvd.nist.gov/vuln/detail/CVE-2025-43534 advisory

Open in Interactive Console →