A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. Processing maliciously crafted web content may lead to an unexpected process crash.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Apple
  • Ios
  • Ipados
  • Iphone Os
  • Macos
  • Safari
  • Tvos
  • Visionos
  • Watchos

Configuration 1 [-]

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://seclists.org/fulldisclosure/2025/Sep/49 cve-icon
http://seclists.org/fulldisclosure/2025/Sep/53 cve-icon
http://seclists.org/fulldisclosure/2025/Sep/57 cve-icon
http://seclists.org/fulldisclosure/2025/Sep/59 cve-icon
http://www.openwall.com/lists/oss-security/2025/09/22/3 cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-43342 cve-icon
https://support.apple.com/en-us/125108 cve-icon cve-icon
https://support.apple.com/en-us/125109 cve-icon cve-icon
https://support.apple.com/en-us/125113 cve-icon cve-icon
https://support.apple.com/en-us/125114 cve-icon cve-icon
https://support.apple.com/en-us/125115 cve-icon cve-icon
https://support.apple.com/en-us/125116 cve-icon cve-icon
https://webkitgtk.org/security/WSA-2025-0006.html cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-43342 cve-icon
History

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash. A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. Processing maliciously crafted web content may lead to an unexpected process crash.

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 24 Sep 2025 00:15:00 +0000

Type Values Removed Values Added
Title webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 17 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple safari
Apple tvos
Apple visionos
Apple watchos

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-09-15T22:35:12.163Z

Updated: 2025-11-04T21:10:40.303Z

Reserved: 2025-04-16T15:24:37.110Z

Link: CVE-2025-43342

cve-icon Vulnrichment

Updated: 2025-11-04T21:10:40.303Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:36.483

Modified: 2025-11-04T22:16:14.727

Link: CVE-2025-43342

cve-icon Redhat

Severity : Important

Publid Date: 2025-09-23T00:00:00Z

Links: CVE-2025-43342 - Bugzilla