CVE-2025-43541

MEDIUM

Safari < 26.2 - Type Confusion via Malicious Web Content

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-43541. PoCs published by crypt0bit, adminlove520.

AI-analyzed exploit summary This repository contains a JavaScript/HTML PoC targeting CVE-2025-43541, a WebKit/JavaScriptCore vulnerability involving ArrayBuffer manipulation and DataView access to trigger crashes or instability. The code is designed for research and demonstrates abnormal behavior in Safari, particularly on iOS.

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Exploits (2)

nomisec WORKING POC 6 stars
by crypt0bit · poc
https://github.com/crypt0bit/CVE-2025-43541

This repository contains a JavaScript/HTML PoC targeting CVE-2025-43541, a WebKit/JavaScriptCore vulnerability involving ArrayBuffer manipulation and DataView access to trigger crashes or instability. The code is designed for research and demonstrates abnormal behavior in Safari, particularly on iOS.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: WebKit/JavaScriptCore (Safari on iOS)
No auth needed
Prerequisites: Access to a vulnerable WebKit/JavaScriptCore environment (e.g., Safari on iOS)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-43541

This repository contains a JavaScript/HTML PoC targeting a WebKit/JavaScriptCore vulnerability (CVE-2025-43541) involving ArrayBuffer resizing and DataView manipulation to trigger browser instability or crashes. The PoC is designed for research and testing purposes, with explicit warnings about potential risks.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: WebKit/JavaScriptCore (Safari on iOS)
No auth needed
Prerequisites: Browser with WebKit/JavaScriptCore (e.g., Safari on iOS)
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (5)

Core 5
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125884
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125885
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125886
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125891
Release Notes, Vendor Advisory
https://support.apple.com/en-us/125892

Scores

CVSS v3 4.3
EPSS 0.3200
EPSS Percentile 98.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (10)
Apple/iOS and iPadOS < 18.7.3
Apple/iOS and iPadOS < 26.2
apple/ipados < 18.7.3
apple/iphone_os < 18.7.3
apple/macos < 26.2
Apple/macOS < 26.2
apple/safari < 26.2
Apple/Safari < 26.2
apple/visionos < 26.2
Apple/visionOS < 26.2
Published Dec 17, 2025
Tracked Since Feb 18, 2026