{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43353", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.111Z", "datePublished": "2025-09-15T22:35:46.825Z", "dateUpdated": "2026-04-02T18:25:18.683Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted string may lead to heap corruption"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption."}], "references": [{"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/125111"}, {"url": "https://support.apple.com/en-us/125112"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:25:18.683Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43353", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-17T03:55:44.238391Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:48:33.804Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/55"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:12:07.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/55"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:12:07.503Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43353", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-17T03:55:44.238391Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-18T18:50:17.453Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.8", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125112"}, {"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/125111"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted string may lead to heap corruption"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-09-15T22:35:46.825Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43353", "state": "PUBLISHED", "dateUpdated": "2025-11-03T18:12:07.503Z", "dateReserved": "2025-04-16T15:24:37.111Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:35:46.825Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EF389A5-03CF-478D-9CE9-26556CBD4CEC", "versionEndExcluding": "14.8", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D37B8DD2-ECC6-469E-A1A3-148B98F9DEB6", "versionEndExcluding": "15.7", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption."}], "id": "CVE-2025-43353", "lastModified": "2026-04-02T19:20:32.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:37.180", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125110"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125111"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/54"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/55"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:39:53.032256+00:00", "value": {"mitigation_remediation": ["Update the macOS installation to at least macOS Sequoia 15.7, macOS Sonoma 14.8, or macOS Tahoe 26, which contain the enhanced bounds\u2011checking fix.", "Reboot the system after the update to ensure all services load with the patched code.", "Enable automatic macOS software updates to reduce the window of exposure for future vulnerabilities."], "summary": {"action": "Patch Update", "impact": "Heap Corruption"}, "threat_synthesis": {"affected_systems": "All Apple macOS releases prior to macOS Sequoia 15.7, macOS Sonoma 14.8, and macOS Tahoe 26 are affected; the issue is fixed in those releases and later versions.", "description_and_impact": "The vulnerability is a bounds\u2011check flaw that can be triggered by a maliciously crafted string, resulting in heap corruption.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA KEV. The likely attack vector involves the processing of a maliciously crafted string by an affected component."}}}}, "created": "2025-09-17T10:05:15.691770+00:00", "title": "Heap Corruption via Malicious String Processing in macOS", "updated": "2026-04-28T10:45:29.424636+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma", "apple$PRODUCT$macos_tahoe"]}