CVE-2025-43300

ENISA EUVD: EUVD-2025-25409 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 10 articles Published: 2025-08-21

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

4.42%

probability

This CVE has a 4.42% probability of being exploited in the next 30 days.

0% Top 89.1th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Affected Products

Apple

iOS and iPadOS

0 0 0

Apple

iPadOS

Apple

macOS

0 0 0

apple

ipados

apple

iphone os

apple

macos

Apple

macOS

0 <13.7.8

Apple

macOS

0 <15.6.1

Apple

macOS

unspecified <15.6

Apple

iOS and iPadOS

unspecified <15.8

Apple

iPadOS

0 <17.7.10

Apple

iOS and iPadOS

unspecified <18.6

Apple

macOS

unspecified <14.7

Apple

iOS and iPadOS

0 <16.7.12

Apple

iPadOS

unspecified <17.7

Apple

iOS and iPadOS

0 <15.8.5

Apple

macOS

unspecified <13.7

Apple

iOS and iPadOS

unspecified <16.7

Apple

iOS and iPadOS

0 <18.6.2

Apple

macOS

0 <14.7.8

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Google Project Zero

Patched

Aug. 20, 2025

Reported by

Apple

Root Cause Analysis

???

Exploits & PoC

hunters-sec/CVE-2025-43300

This is POC for IOS 0click CVE-2025-43300

110 2025-08-24

7amzahard/CVE-2025-43300

CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corruption

10 2025-12-02

PwnToday/CVE-2025-43300

CVE-2025-43300: iOS/macOS DNG Image Processing Memory Corruption

6 2025-09-09

ticofookfook/CVE-2025-43300

3 2025-09-30

Dark-life944/CVE-2025

This is POC for IOS 0click CVE-2025-43300

1 2025-08-24

AR-DEV-1/CVE-2025-43300-exp

The exploit code for CVE-2025-43300.

0 2025-08-22

veniversum/cve-2025-43300

0 2025-09-18

7 repos — triés par ⭐ Rechercher sur GitHub ↗

https://support.apple.com/en-us/124925

https://support.apple.com/en-us/124926

https://support.apple.com/en-us/124927

https://support.apple.com/en-us/124928

https://support.apple.com/en-us/124929

https://support.apple.com/en-us/125141

Signal Intelligence

Confidenceⓘ

92%

EPSS 4.42%

CVSS v3.1 10

Mentions 10

Last Seen Dec 13, 2025

CNA Information

CNA Assigner

apple

Analyst Note

This CVE is a confirmed zero-day with CVSS 10.0 criticality that has been actively exploited in sophisticated targeted attacks against specific individuals, as acknowledged by Apple. The vulnerability affects a wide range of iOS/iPadOS versions with official patches released, corroborated by multiple credible security news sources including BleepingComputer reporting on the exploited zero-day status.