CVE-2025-43359

CRITICAL

tvOS 26 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7, visionOS 26, iOS 18.7 and iPadOS 18.7. A UDP server socket bound to a local interface may become bound to all interfaces.

References (14)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125108

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125109

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125111

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125112

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125114

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125115

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/125116

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/49

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/53

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/54

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/55

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/56

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/57

[Mailing List] http://seclists.org/fulldisclosure/2025/Sep/58

Scores

CVSS v3 9.8

EPSS 0.0011

EPSS Percentile 29.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-670

Status published

Affected Products (6)

apple/ipados < 18.7

apple/iphone_os < 18.7

apple/macos < 14.8

apple/tvos < 26.0

apple/visionos < 26.0

apple/watchos < 26.0

Timeline

Published Sep 15, 2025

Tracked Since Feb 18, 2026