CVE-2025-43520 · MEDIUM 5.5 · CISA KEV · EPSS p31.7%

CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability

Apple / Multiple Products

Description

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.

Scoring

CVSS 3.1: 5.5 (MEDIUM)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.40% probability of exploitation · percentile 31.7% · 2026-06-19T12:03:05Z
Published: 2025-12-12
Last modified: 2026-04-03

CISA KEV entry

Added to KEV: 2026-03-20

Underlying weaknesses · 1

CWE-120

References

  1. https://support.apple.com/en-us/125632
  2. https://support.apple.com/en-us/125633
  3. https://support.apple.com/en-us/125634
  4. https://support.apple.com/en-us/125635
  5. https://support.apple.com/en-us/125636
  6. https://support.apple.com/en-us/125637
  7. https://support.apple.com/en-us/125638
  8. https://support.apple.com/en-us/125639

1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') cwe-120 | 0% | live |

(incoming) · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| KEVEntry | Apple Multiple Products Classic Buffer Overflow Vulnerability kev-cve-2025-43520 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: Apple Multiple Buffer Overflow Vulnerability
  - CVE: Apple Multiple Products Buffer Overflow Vulnerability
  - CVE: Apple Multiple Products Memory Corruption Vulnerability
  - CVE: Apple Multiple Products Improper Locking Vulnerability
  - CVE: Apple Multiple Products Memory Initialization Vulnerability
  - CVE: Apple iOS and iPadOS Buffer Overflow Vulnerability

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.