CVE-2025-43200

MEDIUM KEV

iPadOS < 15.8.4 - Logic Issue in iCloud Link Photo/Video Processing

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-43200 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 16, 2025.

Description

This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

References (11)

Core 11

Scores

CVSS v3 4.2
EPSS 0.0088
EPSS Percentile 75.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact partial

Details

CISA KEV 2025-06-16
VulnCheck KEV 2025-06-11
ENISA EUVD EUVD-2025-18428
Status published
Products (14)
Apple/iOS and iPadOS < 15.8.4
Apple/iOS and iPadOS < 16.7.11
Apple/iOS and iPadOS < 18.3.1
apple/ipados < 15.8.4
Apple/iPadOS < 17.7.5
apple/iphone_os < 15.8.4
apple/macos < 13.7.4
Apple/macOS < 13.7.4
Apple/macOS < 14.7.4
Apple/macOS < 15.3.1
... and 4 more
Published Jun 16, 2025
KEV Added Jun 16, 2025
Tracked Since Feb 18, 2026