{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43504", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:27:21.193Z", "datePublished": "2025-11-04T01:17:21.026Z", "dateUpdated": "2026-04-02T18:22:09.762Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A user in a privileged network position may be able to cause a denial-of-service"}]}], "affected": [{"vendor": "Apple", "product": "Xcode", "versions": [{"version": "0", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."}], "references": [{"url": "https://support.apple.com/en-us/125641"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:22:09.762Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-04T13:07:16.935477Z", "id": "CVE-2025-43504", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T13:07:19.240Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43504", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-04T13:07:16.935477Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T13:07:10.369Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Xcode", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125641"}], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A user in a privileged network position may be able to cause a denial-of-service"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-11-04T01:17:21.026Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43504", "state": "PUBLISHED", "dateUpdated": "2025-11-04T13:07:19.240Z", "dateReserved": "2025-04-16T15:27:21.193Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-11-04T01:17:21.026Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFE80301-44C1-41B8-B3CE-058B8536D964", "versionEndExcluding": "26.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service."}], "id": "CVE-2025-43504", "lastModified": "2025-11-04T16:22:02.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-04T02:15:53.370", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125641"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T21:28:59.463212+00:00", "value": {"mitigation_remediation": ["Apply the latest Apple Xcode 26.1 update or a later release to replace the vulnerable code. ", "If an immediate upgrade is not feasible, restrict privileged network users from accessing or executing the vulnerable component of Xcode, effectively isolating the risk. ", "Continuously monitor the Xcode service for unexpected restarts or crashes; if a denial of service occurs, reload the application promptly as a stop\u2011gap until the patch can be applied."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Apple\u2019s Xcode development environment is affected, specifically all versions that preceded 26.1. The issue applies to Xcode installations running on any Apple platform where a privileged user can interact with the vulnerable component, but no specific patch versions are listed beyond the fix in 26.1.", "description_and_impact": "A buffer overflow that allowed a privileged network user to terminate Xcode exists. The flaw was mitigated by enhanced bounds checking and is fixed in Xcode 26.1. The vulnerability falls under CWE\u2011119, a buffer copy or write weakness that can lead to loss of service.", "risk_and_exploitability": "The CVSS score of 4.9 indicates moderate impact. The EPSS score of less than 1\u202f% shows a low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Exploitation appears to require a user with privileged network access to the Xcode environment, suggesting that the attack uses a local or network-based privilege to trigger a denial of service."}}}}, "created": "2025-11-04T16:34:09.532894+00:00", "title": "Buffer Overflow Causing Denial of Service in Xcode", "updated": "2026-04-22T21:30:27.821053+00:00", "vendors": ["apple", "apple$PRODUCT$xcode"]}