CVE-2025-43529
ENISA EUVD: EUVD-2025-203963
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
7 articles
Published: 2025-12-17
EPSS Score
Source: FIRST.org · 2026-05-23
This CVE has a 0.21% probability of being exploited in the next 30 days.
Top 43.0th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
8.8 HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Source: VulnerabilityLookup (CNA)
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Affected Products
Apple · Safari · 0
Apple · iOS and iPadOS · 0 · 0
Apple · macOS · 0
Apple · tvOS · 0
Apple · visionOS · 0
Attack Intelligence
CWE-118 · Incorrect Access of Indexable Resource ('Range Error')
CWE-119 · Buffer Overflow
CWE-416 · Use After Free
CWE-664 · Improper Control of a Resource Through its Lifetime
CWE-666 · Operation on Resource in Wrong Phase of Lifetime
CWE-672 · Operation on a Resource after Expiration or Release
CWE-825 · Expired Pointer Dereference
Google Project Zero
Patched: Dec. 12, 2025
Reported by: Google Threat Analysis Group
Root Cause Analysis: ???
Exploits & PoC
zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis · ⭐ 99 · 2026-03-24
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
jir4vv1t/CVE-2025-43529 · ⭐ 79 · 2026-01-05
exploit for cve-2025-43529
bjrjk/CVE-2025-43529 · ⭐ 17 · 2026-02-01
Root Cause Analysis for CVE-2025-43529, a UAF vulnerability due to incorrect DFG StoreBarrierInsertionPhase in JavaScriptCore.
SimoesCTT/Convergent-Time-Theory-Enhanced-iOS-Safari-RCE-CVE-2025-43529- · ⭐ 1 · 2026-01-28
CTT-Enhanced iOS Safari Exploit (based on CVE-2025-43529)
SimoesCTT/CTT-Apple-Silicon-Refraction · ⭐ 1 · 2026-01-30
webkit_refraction.js (The 33-Layer WebGL Payload) This JavaScript payload uses the \alpha constant to create a high-frequency "Memory Shiver." It ind
kmeps4/bugtest · ⭐ 1 · 2026-03-02
CVE-2025-43529 Test
sakyu7/sakyu7.github.io · ⭐ 0 · 2026-02-21
🔍 Analyze WebKit and ANGLE vulnerabilities with this repository for CVE-2025-43529 and CVE-2025-14174, focusing on verified components and ongoing eff
7 repos, sorted by ⭐
Signal Intelligence
Confidence: 92%
EPSS: 0.21%
CVSS v3.1: 8.8
Mentions: 7
Last Seen: Apr 01, 2026
CNA Information
CNA Assigner: apple
Analyst Note
CVE-2025-43529 is confirmed as an actively exploited zero-day affecting multiple Apple platforms with a HIGH CVSS score of 8.8. The vulnerability has been reported by Google Project Zero and documented across multiple reputable cybersecurity sources (BleepingComputer, TheHackerNews, CyberScoop), confirming in-the-wild exploitation in sophisticated attacks. Apple's official advisory and coordinated patching across iOS, iPadOS, macOS, and other platforms provide strong corroboration of the threat.
Threat Actors (5)
APT 28 · apt_group · Information theft and espionage · 🇷🇺 RU
Hacking Team · apt_group · 🇮🇹 IT
Mana Team · apt_group · 🇨🇳 CN
Operation Triangulation · apt_group · Information theft and espionage · 🇷🇺 RU
APT 5 · apt_group · Information theft and espionage · 🇨🇳 CN
Triage Info
Decided at: Mar 03, 2026
Published Date: Dec 17, 2025