CVE-2025-43200

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 3 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.91%

probability

This CVE has a 0.91% probability of being exploited in the next 30 days.

0% Top 76.1th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Logic issue when processing photo or video

Google Project Zero

Patched

June 11, 2025

Reported by

Apple

Root Cause Analysis

???

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

TheHackerNews

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

TheHackerNews

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

TheHackerNews Dec 13, 2025

Signal Intelligence

Confidenceⓘ

78%

EPSS 0.91%

Mentions 3

Last Seen Dec 13, 2025

CNA Information

Analyst Note

CVE-2025-43200 is confirmed as an actively exploited vulnerability affecting multiple Apple platforms, with evidence of in-the-wild exploitation reported by The Hacker News. The vulnerability involves a logic issue in photo/video processing via iCloud Links and has been patched across iOS, iPadOS, macOS, and other Apple products, indicating vendor acknowledgment and remediation efforts. However, the relatively low CVSS score (4.2) and limited public technical details slightly temper confidence, though the Google Project Zero involvement and multi-platform impact support the confirmed classification.