CVE-2025-43400

MEDIUM

iPadOS < 18.7.1 - Out-of-bounds Write via Maliciously Crafted Font

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-43400. PoCs published by csrXamfi.

AI-analyzed exploit summary The repository contains only a README.md file referencing CVE-2025-43400 with a placeholder for a video and report, but no actual exploit code or technical details are provided.

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.1 and iPadOS 18.7.1, iOS 26.0.1 and iPadOS 26.0.1, macOS Sequoia 15.7.1, macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, tvOS 26.1, visionOS 26.0.1, watchOS 26.1. Processing a maliciously crafted font may lead to unexpected app termination or corrupt process memory.

Exploits (1)

nomisec WRITEUP 5 stars
by csrXamfi · poc
https://github.com/csrXamfi/CVE-2025-43400

The repository contains only a README.md file referencing CVE-2025-43400 with a placeholder for a video and report, but no actual exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Scores

CVSS v3 6.3
EPSS 0.0633
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (15)
Apple/iOS and iPadOS < 18.7.1
Apple/iOS and iPadOS < 26.0.1
apple/ipados 26.0
apple/ipados < 18.7.1
apple/iphone_os 26.0
apple/iphone_os < 18.7.1
apple/macos 26.0
Apple/macOS < 14.8.1
Apple/macOS < 15.7.1
Apple/macOS < 26.0.1
... and 5 more
Published Sep 29, 2025
Tracked Since Feb 18, 2026