CVE-2025-43510

HIGH KEV

iPadOS < 18.7.2 - Memory Corruption via Improper Locking

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-43510 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 20, 2026.

Description

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpected changes in memory shared between processes.

References (10)

Core 10
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125632
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125633
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125634
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125635
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125636
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125637
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125638
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125639

Scores

CVSS v3 7.8
EPSS 0.0030
EPSS Percentile 54.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-03-20
VulnCheck KEV 2026-03-18
ENISA EUVD EUVD-2025-203138
CWE
CWE-667
Status published
Products (25)
Apple/iOS and iPadOS < 18.7.2
Apple/iOS and iPadOS < 26.1
Apple/iOS and iPadOS unspecified - 18.7
Apple/iOS and iPadOS unspecified - 26.1
apple/ipados 26.0
apple/ipados < 18.7.2
apple/iphone_os 26.0
apple/iphone_os < 18.7.2
apple/macos 26.0
Apple/macOS < 14.8.2
... and 15 more
Published Dec 12, 2025
KEV Added Mar 20, 2026
Tracked Since Feb 18, 2026