1. Home
  2. Vulnerabilities
  3. CVE-2025-43529
Known Exploited Vulnerability
8.8
HIGH CVSS 3.1
CVE-2025-43529
Apple Multiple Products Use-After-Free WebKit Vulnerability - [Actively Exploited]
Overview
Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

Details
INFO

Published Date :

Dec. 17, 2025, 9:16 p.m.

Last Modified :

April 3, 2026, 2:17 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Known Ransomware Campaign Use:

Unknown

Notes :

https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529

Impact
Affected Products

The following products are affected by CVE-2025-43529 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Apple macos
2 Apple iphone_os
3 Apple tvos
4 Apple watchos
5 Apple safari
6 Apple ipados
7 Apple visionos
: Total Affected Vendor : 1 | Products : 7
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH 134c704f-9b21-4f2e-91b3-4a467353bcc0
Solution
Update devices to the latest versions to fix memory management and code execution flaws.
  • Update watchOS to version 26.2.
  • Update Safari to version 26.2.
  • Update iOS to version 18.7.3 or 26.2.
  • Update iPadOS to version 18.7.3 or 26.2.
Public PoC/Exploit Available at Github

CVE-2025-43529 has a 27 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-43529.

URL Resource
https://support.apple.com/en-us/125884 Release Notes Vendor Advisory
https://support.apple.com/en-us/125885 Release Notes Vendor Advisory
https://support.apple.com/en-us/125886 Release Notes Vendor Advisory
https://support.apple.com/en-us/125889 Release Notes Vendor Advisory
https://support.apple.com/en-us/125890 Release Notes Vendor Advisory
https://support.apple.com/en-us/125891 Release Notes Vendor Advisory
https://support.apple.com/en-us/125892 Release Notes Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-43529 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-43529 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
20obb/darksword-Exploit

None

HTML JavaScript Python

Updated: 1 week ago
1 stars 0 fork 0 watcher
Born at : April 14, 2026, 10:57 a.m. This repo has been linked 6 different CVEs too.
Profile Photo
20obb/darksword-analysis

a new update for analysis darksword

HTML JavaScript Python

Updated: 1 week ago
1 stars 0 fork 0 watcher
Born at : April 14, 2026, 4:53 a.m. This repo has been linked 6 different CVEs too.
Profile Photo
20obb/darksword-readme

None

HTML JavaScript

Updated: 1 week, 1 day ago
2 stars 0 fork 0 watcher
Born at : April 13, 2026, 10:24 a.m. This repo has been linked 6 different CVEs too.
Profile Photo
8kSec/awesome-mobile-security

The most comprehensive Android & iOS security reference — tools, research papers, exploit techniques, platform internals, CTFs, and more. Built for security engineers.

Updated: 6 days, 7 hours ago
3 stars 0 fork 0 watcher
Born at : April 12, 2026, 4:30 p.m. This repo has been linked 35 different CVEs too.
Profile Photo
tuffzsh/4pple-pls-ser0tonin

First ever untethered full-root jailbreak on iOS 18.0 - 18.7.2

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : April 10, 2026, 2:20 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
EolnMsuk/AntiDarkSword-TrollStore

A localized security framework for iOS which mitigates zero-click payloads and browser RCEs through granular WebKit isolation.

Makefile Logos

Updated: 1 week, 3 days ago
5 stars 0 fork 0 watcher
Born at : April 8, 2026, 8:35 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
EolnMsuk/AntiDarkSword-rootful

An iOS security tweak that hardens vulnerable jailbroken devices against WebKit and iMessage-based exploits (DarkSword & Coruna)

antidarksword coruna darksword dopamine eolnmsuk exploit ios ios-security-tool iphone jailbreak javascript jit palera1n rootful roothide security-tools tweak tweaks useragent-parser webkit

Makefile Logos Objective-C Shell

Updated: 1 week, 3 days ago
3 stars 1 fork 1 watcher
Born at : March 30, 2026, 7:47 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
EolnMsuk/AntiDarkSword

An iOS security tweak that hardens vulnerable jailbroken devices against WebKit and iMessage-based exploits (DarkSword & Coruna)

coruna dopamine exploit jailbreak javascript jit roothide rootless tweak tweaks useragent-parser webkit antidarksword darksword ios ios-development security-tools ios-security-tool eolnmsuk iphone

Makefile Logos Objective-C Shell

Updated: 1 week, 2 days ago
27 stars 4 fork 4 watcher
Born at : March 29, 2026, 10:40 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
stationedK-06/DarkSword_analysis

Static analysis of the DarkSword iOS WebKit exploit chain — delivery, staging, and CVE breakdown (CVE-2025-31277, CVE-2025-43529)

Updated: 3 weeks, 4 days ago
0 stars 0 fork 0 watcher
Born at : March 27, 2026, 6:55 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
kmeps4/bugtest

CVE-2025-43529 Test

HTML

Updated: 1 month, 2 weeks ago
1 stars 0 fork 0 watcher
Born at : March 2, 2026, 4:23 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
sundenovak/CVE-2026-20700-An-analysis-WIP

[WORK IN PROGRESS] My analysis of CVE-2026-20700

Updated: 1 month, 4 weeks ago
2 stars 0 fork 0 watcher
Born at : Feb. 18, 2026, 12:27 p.m. This repo has been linked 3 different CVEs too.
Profile Photo
lucacapacci/PoC-in-GitHub

Mirror of https://github.com/nomi-sec/PoC-in-GitHub

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Feb. 7, 2026, 10:02 a.m. This repo has been linked 789 different CVEs too.
Profile Photo
bjrjk/js-vuln-studies

A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.

Updated: 2 months, 1 week ago
41 stars 4 fork 4 watcher
Born at : Feb. 5, 2026, 5:17 p.m. This repo has been linked 6 different CVEs too.
Profile Photo
SimoesCTT/SCTT-2026-33-PAC-Speculative-PAC-Oracle

SCTT-2026-33-PAC is the first operational Speculative PAC Oracle based on Convergent Time Theory (CTT). While Apple's Pointer Authentication (PAC) on the M1–M3 and A14+ chips uses cryptographic signatures to ensure pointer integrity, this exploit leverages Theorem 4.2 to bypass

Python

Updated: 2 months, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Feb. 1, 2026, 3:11 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
bjrjk/CVE-2025-43529

Root Cause Analysis for CVE-2025-43529, a UAF vulnerability due to incorrect DFG StoreBarrierInsertionPhase in JavaScriptCore.

Updated: 2 months, 2 weeks ago
14 stars 1 fork 1 watcher
Born at : Feb. 1, 2026, 11:36 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-43529 vulnerability anywhere in the article.

  • security.nl
Apple maakt iOS 18-update wegens exploit voor meer iPhones beschikbaar

Apple heeft wegens een exploit die misbruik maakt van iOS-kwetsbaarheden besloten om de laatste iOS 18-update voor meer iPhones en iPads beschikbaar te stellen. Vorige maand waarschuwden Google, Look ... Read more

Published Date: Apr 02, 2026 (2 weeks, 5 days ago)
  • CybersecurityNews
DarkSword Exploit Chain That Can Hack Millions of iPhones Leaked Online

A powerful iOS exploit toolkit known as DarkSword has been publicly leaked on GitHub, dramatically lowering the barrier for cybercriminals to target hundreds of millions of iPhones and iPads still run ... Read more

Published Date: Mar 24, 2026 (4 weeks ago)
  • security.nl
Exploitkit voor het hacken van kwetsbare iPhones gepubliceerd op internet

Een exploitkit voor het hacken van kwetsbare iPhones is gepubliceerd op internet, wat de kans op grootschalig misbruik vergroot. Vorige week waarschuwden Google, Lookout en iVerify voor een exploitkit ... Read more

Published Date: Mar 24, 2026 (4 weeks ago)
  • Daily CyberSecurity
Unmasking DarkSword: GTIG Exposes Full-Chain iOS Exploit Used by Global Spies

Timeline of DarkSword observations and vulnerability patches | Image: GTIG In a comprehensive technical disclosure, the Google Threat Intelligence Group (GTIG) has revealed the existence of a highly s ... Read more

Published Date: Mar 22, 2026 (4 weeks, 2 days ago)
  • SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 12

The Good | Operation Synergia III Disrupts Malicious Networks & the EU Sanctions State-Sponsored Attackers Operation Synergia III, an Interpol-led crackdown spanning July 2025 to January 2026, has dis ... Read more

Published Date: Mar 20, 2026 (1 month ago)
  • Help Net Security
DarkSword: Researchers uncover another iOS exploit kit

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabili ... Read more

Published Date: Mar 19, 2026 (1 month ago)
  • The Hacker News
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intellige ... Read more

Published Date: Mar 19, 2026 (1 month ago)
  • The Cyber Express
Multiple Threat Actors Exploiting a Six-Vulnerability iOS Exploit Kit Dubbed “DarkSword”

It takes a single page load on a compromised Ukrainian government site, no tap, no download, no warning — and an iPhone running iOS 18.4 through 18.6.2 hands over its messages, photos, passwords, Tele ... Read more

Published Date: Mar 19, 2026 (1 month ago)
  • The Register
State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns

A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by "multiple" spyware vendors and suspected nation-state goons, security researchers said on Wednesday. The e ... Read more

Published Date: Mar 18, 2026 (1 month ago)
  • CybersecurityNews
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data

DarkSword iOS Exploit A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least Novemb ... Read more

Published Date: Mar 18, 2026 (1 month ago)
  • security.nl
Onderzoekers ontdekken iOS-exploit gebruikt om iPhones te infecteren

Onderzoekers hebben een iOS-exploit ontdekt die sinds eind vorig jaar door meerdere actoren is gebruikt om iPhones bij gerichte aanvallen met malware te infecteren. Afhankelijk van de betreffende acto ... Read more

Published Date: Mar 18, 2026 (1 month ago)
  • Google Cloud
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Introduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in rec ... Read more

Published Date: Mar 18, 2026 (1 month ago)
  • The Register
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals. CVE-2026-20700, discovere ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • Help Net Security
Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)

Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component o ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • security.nl
Apple dicht lek gebruikt bij 'zeer geraffineerde aanval' tegen iPhone-gebruikers

Apple heeft beveiligingsupdates uitgebracht voor een kwetsbaarheid (CVE-2026-20700) die is ingezet bij een 'zeer geraffineerde aanval' tegen de iPhones van bepaalde specifieke personen. Wat de aanvall ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • The Hacker News
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices

Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • CybersecurityNews
Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals

Apple 0-Day Vulnerability Exploited Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, patching over 40 vulnerabilities, including a critical zero-day in the dyld component actively exploit ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • Daily CyberSecurity
Apple Zero-Day (CVE-2026-20700) Exploited in the Wild

Apple has issued an emergency security update for its entire mobile ecosystem, racing to close a critical zero-day vulnerability that is currently being used in what the company describes as an “extre ... Read more

Published Date: Feb 12, 2026 (2 months, 1 week ago)
  • Help Net Security
January 2026 Patch Tuesday forecast: And so it continues

Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the la ... Read more

Published Date: Jan 09, 2026 (3 months, 1 week ago)
  • europa.eu
Cyber Brief 26-01 - December 2025

Cyber Brief (December 2025)January 5, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 368 open source reports for this Cyber Security Brief[^1].Relating to cyber policy and law enforcement, the ... Read more

Published Date: Jan 05, 2026 (3 months, 2 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-43529 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Apr. 03, 2026

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3 OR *cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3 *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2
  • CVE Modified by [email protected]

    Apr. 02, 2026

    Action Type Old Value New Value
    Changed Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report. A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
  • Initial Analysis by [email protected]

    Dec. 18, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* versions up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions from (including) 26.0 up to (excluding) 26.2 *cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 18.7.3
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125884 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125885 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125886 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125889 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125890 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125891 Types: Release Notes, Vendor Advisory
    Added Reference Type Apple Inc.: https://support.apple.com/en-us/125892 Types: Release Notes, Vendor Advisory
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529 Types: US Government Resource
  • New CVE Received by [email protected]

    Dec. 17, 2025

    Action Type Old Value New Value
    Added Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
    Added Reference https://support.apple.com/en-us/125884
    Added Reference https://support.apple.com/en-us/125885
    Added Reference https://support.apple.com/en-us/125886
    Added Reference https://support.apple.com/en-us/125889
    Added Reference https://support.apple.com/en-us/125890
    Added Reference https://support.apple.com/en-us/125891
    Added Reference https://support.apple.com/en-us/125892
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Dec. 17, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Added CWE CWE-416
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-43529
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 8.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact