{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43449", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.125Z", "datePublished": "2025-11-04T01:15:49.025Z", "dateUpdated": "2026-04-02T18:11:26.593Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to track users between installs"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs."}], "references": [{"url": "https://support.apple.com/en-us/125632"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:26.593Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-04T16:29:02.276394Z", "id": "CVE-2025-43449", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T16:29:53.434Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43449", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-04T16:29:02.276394Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T16:29:49.484Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125632"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to track users between installs"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-11-04T01:15:49.025Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43449", "state": "PUBLISHED", "dateUpdated": "2025-11-04T16:29:53.434Z", "dateReserved": "2025-04-16T15:24:37.125Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-11-04T01:15:49.025Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925", "versionEndExcluding": "26.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs."}], "id": "CVE-2025-43449", "lastModified": "2025-11-04T18:47:36.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-04T02:15:50.640", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125632"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T23:26:24.988007+00:00", "value": {"mitigation_remediation": ["Upgrade the device to iOS 26.1 or iPadOS 26.1 to apply the cache handling fix", "Remove any recently installed apps that are not from a trusted source", "Enable App Tracking Transparency to limit tracking by third\u2011party applications", "Adjust system privacy settings and app permissions to limit shared cache data, addressing the underlying information exposure weakness (CWE\u2011200)"], "summary": {"action": "Immediate patch", "impact": "Information disclosure via user tracking"}, "threat_synthesis": {"affected_systems": "Apple\u2019s iOS and iPadOS platforms are affected. Products include iPhone OS (iOS) and iPadOS. Firmware versions prior to iOS 26.1 and iPadOS 26.1 are vulnerable; the fix is available in those respective 26.1 releases.", "description_and_impact": "A flaw in the cache handling of iOS and iPadOS allows a malicious application to maintain persistence of identifiers across uninstallations and reinstallations. The vulnerability enables an attacker to track a user\u2019s device and activity between app installs, potentially compromising privacy and facilitating targeted data collection. This presents a moderate to high confidentiality impact.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity. However, the EPSS score is reported as less than 1%, suggesting a low current likelihood of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the description, the likely attack vector involves a malicious app distributed through an alternate app store or side\u2011loading mechanism, which then degrades the user\u2019s privacy by tracking through cached identifiers."}}}}, "created": "2025-11-04T16:34:14.944801+00:00", "title": "App can track users across installs via cache vulnerability", "updated": "2026-04-27T23:30:15.504380+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "apple$PRODUCT$ipados"]}