CVE Catalog

CVE-2025-43438

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.05%

61th percentile - higher than 61% of all known CVEs

Summary

A use-after-free vulnerability was addressed with improved memory management in Safari and Apple operating systems. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Risk Assessment

An attacker could exploit this vulnerability to crash Safari, disrupting user activity and potentially enabling further attacks on the system.

Recommendation

Immediately update Safari to version 26.1 and Apple operating systems to the specified versions (iOS 18.7.2, iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1).

Original NVD description (English source)

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS